Mandriva Linux Security Advisory 2009-122 – The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. The updated packages have been upgraded to the latest version of squirrelmail to prevent this.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77774/MDVSA-2009-122.txt
Source: https://packetstormsecurity.com/files/77774/Mandriva-Linux-Security-Advisory-2009-122.html