CVE-2007-3634 - OpenCVE

Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Squirrelmail	Gpg Plugin Squirrelmail

Configuration 1 [-]

AND

cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*

cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html
http://osvdb.org/45788
http://www.attrition.org/pipermail/vim/2007-July/001703.html
http://www.securityfocus.com/bid/24782
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-10T00:00:00

Updated: 2024-08-07T14:21:36.443Z

Reserved: 2007-07-09T00:00:00

Link: CVE-2007-3634

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-07-10T00:30:00.000

Modified: 2008-11-15T05:00:00.000

Link: CVE-2007-3634

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-07-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45788", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45788"}, {"name": "24782", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24782"}, {"name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"}, {"name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html"}, {"name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html"}, {"name": "[dailydave] 20070706 (no subject)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45788", "refsource": "OSVDB", "url": "http://osvdb.org/45788"}, {"name": "24782", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24782"}, {"name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html"}, {"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?", "refsource": "MISC", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"}, {"name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html"}, {"name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html"}, {"name": "[dailydave] 20070706 (no subject)", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.443Z"}, "title": "CVE Program Container", "references": [{"name": "45788", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45788"}, {"name": "24782", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24782"}, {"name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"}, {"name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html"}, {"name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html"}, {"name": "[dailydave] 20070706 (no subject)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3634", "datePublished": "2007-07-10T00:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA23CE0F-9CD1-41BC-8DAE-BBAFD5FBFA34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el plugin G/PGP (GPG) versi\u00f3n 2.0 para Squirrelmail versi\u00f3n 1.4.10a, permite a usuarios autenticados remotoss ejecutar comandos arbitrarios por medio de vectores no especificados, posiblemente relacionados con la variable passphrase en la funci\u00f3n gpg_sign_attachment, tambi\u00e9n se conoce como ZD-0000000004. Esta informaci\u00f3n est\u00e1 basada en un aviso vago de una organizaci\u00f3n de ventas de informaci\u00f3n sobre vulnerabilidades que no coordina con los proveedores o publica avisos procesables. Ha sido asignado un CVE con fines de seguimiento, pero duplicidades con otros CVE son dif\u00edciles de determinar."}], "id": "CVE-2007-3634", "lastModified": "2008-11-15T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-10T00:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/45788"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24782"}, {"source": "cve@mitre.org", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.", "lastModified": "2007-07-10T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}