[email protected]NVD:CVE-2010-1637

HistoryJun 22, 2010 - 5:30 p.m.

CVE-2010-1637

2010-06-2217:30:01

CWE-918

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Affected configurations

NVD

Node

squirrelmailsquirrelmailRange≤1.4.20

Node

fedoraprojectfedoraMatch11

fedoraprojectfedoraMatch12

fedoraprojectfedoraMatch13

Node

applemac_os_xRange<10.6.8

applemac_os_x_serverRange<10.6.8

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_workstationMatch5.0

References

conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html

rhn.redhat.com/errata/RHSA-2012-0103.html

secunia.com/advisories/40307

squirrelmail.org/security/issue/2010-06-21

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

support.apple.com/kb/HT5130

www.mandriva.com/security/advisories?name=MDVSA-2010:120

www.openwall.com/lists/oss-security/2010/05/25/3

www.openwall.com/lists/oss-security/2010/05/25/9

www.openwall.com/lists/oss-security/2010/06/21/1

www.securityfocus.com/bid/40291

www.securityfocus.com/bid/40307

www.vupen.com/english/advisories/2010/1535

www.vupen.com/english/advisories/2010/1536

www.vupen.com/english/advisories/2010/1554