Vulnerability Name:

CVE-2007-3636 (CCN-35800)

Assigned:2007-07-09
Published:2007-07-09
Updated:2008-11-15
Summary:Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors.
Note: this information is based upon a vague pre-advisory from a reliable researcher.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-3636

Source: CCN
Type: Dailydave Mailing List, Mon Jul 9 03:26:56 EDT 2007
SquirrelMail GPG Plugin vuln

Source: MLIST
Type: UNKNOWN
[dailydave] 20070709 SquirrelMail GPG Plugin vuln

Source: OSVDB
Type: UNKNOWN
45790

Source: CCN
Type: VIM Mailing List, Tue Jul 10 01:46:25 UTC 2007
SquirrelMail GPG Plugin Vulnerabilities

Source: VIM
Type: UNKNOWN
20070710 SquirrelMail GPG Plugin Vulnerabilities

Source: CCN
Type: OSVDB ID: 37923
SquirrelMail G/PGP (GPG) Plugin gpg_keyring.php deleteKey Function Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 37924
SquirrelMail G/PGP (GPG) Plugin gpg_key_functions.php gpg_recv_key Function Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 41408
SquirrelMail G/PGP (GPG) Plugin keyring_main.php fpr Variable Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 45790
SquirrelMail G/PGP (GPG) Plugin Unspecified Remote Command Execution

Source: BID
Type: UNKNOWN
24828

Source: CCN
Type: BID-24828
SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities

Source: CCN
Type: SquirrelMail Web site
Plugins - G/PGP Encryption Plugin

Source: XF
Type: UNKNOWN
gpgp-multiple-unspecified-command-execution(35800)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    squirrelmail gpg plugin 2.0
    squirrelmail squirrelmail 1.4.10a