options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract
function to process the $_POST variable, which allows remote attackers to
modify or read the preferences of other users, conduct cross-site scripting
XSS) attacks, and write arbitrary files.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | squirrelmail | <Â 1.4.6-1ubuntu0.1 | UNKNOWN |
ubuntu | 6.10 | noarch | squirrelmail | <Â 1.4.8-1ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | squirrelmail | <Â 1.4.9a-1ubuntu0.1 | UNKNOWN |