SquirrelMail sqimap_mailbox_select mailbox Parameter Arbitrary IMAP Command Injection

2006-02-15T06:20:53
ID OSVDB:23386
Type osvdb
Reporter OSVDB
Modified 2006-02-15T06:20:53

Description

Solution Description

Upgrade to version 1.4.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.squirrelmail.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015662 Secunia Advisory ID:18985 Secunia Advisory ID:19130 Secunia Advisory ID:19960 Secunia Advisory ID:20210 Secunia Advisory ID:19131 Secunia Advisory ID:19176 Secunia Advisory ID:19205 Related OSVDB ID: 23385 Related OSVDB ID: 23384 RedHat RHSA: RHSA-2006:0283 Other Advisory URL: http://www.debian.org/security/2006/dsa-988 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0513.html CVE-2006-0377