[VIM] SquirrelMail GPG Plugin Vulnerabilities

Nicob nicob at nicob.net
Tue Jul 10 11:40:31 UTC 2007

> o http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html 
> is a post made Nicob on 7/8 to Daily Dave that mentions an attack vector 
> fixed in version 2.1 but provides no specifics.

> o http://lists.immunitysec.com/pipermail/dailydave/2007-July/004456.html 
> is a post made by Nicob on 7/9 to Daily Dave that details an attack 
> vector involving the gpg_check_sign_pgp_mime() function in 
> gpg_hook_functions.php.

That's the same vuln.

My PoC for the gpg_check_sign_pgp_mime() command execution doesn't
affect version 2.1 because of a switch from exec() to proc_open(). But I
wouldn't bet there's no more room for exploitation of this very vuln if
somebody spend enough time to understand their complex use of


More information about the VIM mailing list