The affected plugin is not something that is installed by default as far as I know, but there may be members who have installed it themselves.

Secunia writes (http://secunia.com/advisories/13791/):
QUOTE
Description:
LSS Security Team has reported two vulnerabilities in the Vacation plugin for SquirrelMail, which can be exploited by malicious, local users to gain escalated privileges and disclose sensitive information.

1) The vulnerability is caused due to an input validation error in the command line handling in "ftpfile" and allows injection of arbitrary shell commands. This can be exploited by supplying a specially crafted command line argument containing shell meta characters.

2) The vulnerability is caused due to an input validation error in "ftpfile", making it possible to disclose arbitrary files via directory traversal attacks.

The vulnerabilities have been reported in version 0.15 and prior.

Solution:
Remove the setuid bit from "ftpfile". This may affect functionality.
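
The two input-validation failures named in the advisory, seen from the defending side: the checks a privileged helper can apply to a command-line argument before using it. This is an added C example, not code from the Vacation plugin, from Secunia or from the original post; the names `arg_is_plain` and `path_is_confined`, the allow-list and the 255-byte limit are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allow-list check for one command-line argument: letters, digits and a
 * few punctuation characters only, so no shell metacharacter and no '/'
 * can pass. A leading '-' is refused so the value cannot be taken for an
 * option. The character set and length limit are illustrative choices. */
int arg_is_plain(const char *arg)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-@";
    size_t len;

    if (arg == NULL || arg[0] == '\0' || arg[0] == '-')
        return 0;
    len = strlen(arg);
    if (len > 255)
        return 0;
    return strspn(arg, allowed) == len;
}

/* Confinement check for a file name: it must pass arg_is_plain(), must not
 * be "." or "..", and after symlink resolution must sit directly inside
 * base_dir. The file has to exist, because realpath() resolves it. */
int path_is_confined(const char *base_dir, const char *name)
{
    char base[PATH_MAX], joined[PATH_MAX], full[PATH_MAX];
    size_t blen;

    if (!arg_is_plain(name) || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    if (realpath(base_dir, base) == NULL)
        return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", base, name) >= (int)sizeof joined)
        return 0;
    if (realpath(joined, full) == NULL)
        return 0;
    blen = strlen(base);
    /* The resolved path must be base + "/" + exactly one component. */
    return strncmp(full, base, blen) == 0 && full[blen] == '/' &&
           strchr(full + blen + 1, '/') == NULL;
}
```

A helper that hands validated arguments to `execv()` as separate argv entries, rather than building a string for `system()`, keeps the shell out of the path altogether.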