SquirrelMail map_yp_alias Command Injection Exploit Update

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting. This update improves os detection and adds runtime cost.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2009-1579
Product Version: 
2015_R1
Released Date: 
Tuesday, October 6, 2015 - 00:00