CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.186 Low (Percentile: 96.2%)
CentOS Errata and Security Advisory CESA-2006:0668
SquirrelMail is a standards-based webmail package written in PHP.
A dynamic variable evaluation flaw was found in SquirrelMail. Users who
have an account on a SquirrelMail server and are logged in could use this
flaw to overwrite variables which may allow them to read or write other
users’ preferences or attachments. (CVE-2006-4019)
Users of SquirrelMail should upgrade to this erratum package, which
contains SquirrelMail 1.4.8 to correct this issue. This package also
contains a number of additional patches to correct various bugs.
Note: After installing this update, users are advised to restart their httpd
service to ensure that the new version functions correctly.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075448.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075449.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075450.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075451.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075452.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075453.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075454.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075455.html
Affected packages:
squirrelmail
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0668
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | noarch | squirrelmail | < 1.4.8-2.el3.centos.1 | squirrelmail-1.4.8-2.el3.centos.1.noarch.rpm |
CentOS | 4 | noarch | squirrelmail | < 1.4.8-2.el4.centos4 | squirrelmail-1.4.8-2.el4.centos4.noarch.rpm |