Information Disclosure

2020-04-1001:06:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

squirrelmail is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the SquirrelMail Mail Fetch plug-in. If an administrator enabled this plug-in, a SquirrelMail user could use this flaw to port scan the local network the server was on.

CPENameOperatorVersion
squirrelmaileq1.4.8__5.el4_8.8
squirrelmaileq1.4.8__4.el5
squirrelmaileq1.4.6__7.el4
squirrelmaileq1.4.8__4.el4
squirrelmaileq1.4.8__5.el4_7.3
squirrelmaileq1.4.8__5.el4_7.2
squirrelmaileq1.4.8__2.el4
squirrelmaileq1.4.8__5.el4_8.5
squirrelmaileq1.4.6__5.el4
squirrelmaileq1.4.8__4.0.1.el4

Name	Operator	Version
squirrelmail	eq	1.4.8__5.el4_8.8
squirrelmail	eq	1.4.8__4.el5
squirrelmail	eq	1.4.6__7.el4
squirrelmail	eq	1.4.8__4.el4
squirrelmail	eq	1.4.8__5.el4_7.3
squirrelmail	eq	1.4.8__5.el4_7.2
squirrelmail	eq	1.4.8__2.el4
squirrelmail	eq	1.4.8__5.el4_8.5
squirrelmail	eq	1.4.6__5.el4
squirrelmail	eq	1.4.8__4.0.1.el4

Rows per page:

1-10 of 221

References

conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html

rhn.redhat.com/errata/RHSA-2012-0103.html

secunia.com/advisories/40307

squirrelmail.org/security/issue/2010-06-21

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

support.apple.com/kb/HT5130

www.mandriva.com/security/advisories?name=MDVSA-2010:120

www.openwall.com/lists/oss-security/2010/05/25/3

www.openwall.com/lists/oss-security/2010/05/25/9

www.openwall.com/lists/oss-security/2010/06/21/1

www.securityfocus.com/bid/40291

www.securityfocus.com/bid/40307

www.squirrelmail.org/security/issue/2010-06-21

www.squirrelmail.org/security/issue/2010-07-23

www.squirrelmail.org/security/issue/2011-07-10

www.squirrelmail.org/security/issue/2011-07-11

www.squirrelmail.org/security/issue/2011-07-12