Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-0377
Last Modified: 07 Mar 2011 09:29:54
Published: 23 Feb 2006 07:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0377

Summary

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Vulnerable Systems

Application

  • Squirrelmail 1.4

  • Squirrelmail 1.4 Rc1

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.2

  • Squirrelmail 1.4.3

  • Squirrelmail 1.4.3 R3

  • Squirrelmail 1.4.3 Rc1

  • Squirrelmail 1.4.3a

  • Squirrelmail 1.4.4

  • Squirrelmail 1.4.4 Rc1

  • Squirrelmail 1.4.5

  • Squirrelmail 1.4.6 Rc1


References

CONFIRM - http://www.squirrelmail.org/security/issue/2006-02-15

SECTRACK - 1015662

XF - squirrelmail-mailbox-imap-injection(24849)

VUPEN - ADV-2006-0689

BID - 16756

SECUNIA - 18985

REDHAT - RHSA-2006:0283

FEDORA - FEDORA-2006-133

SUSE - SUSE-SR:2006:005

MANDRIVA - MDKSA-2006:049

GENTOO - GLSA-200603-09

DEBIAN - DSA-988

SECUNIA - 20210

SECUNIA - 19960

SECUNIA - 19205

SECUNIA - 19176

SECUNIA - 19131

SECUNIA - 19130

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:41:38