Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-2124
Last Modified: 18 Jan 2013 12:00:00
Published: 18 Jan 2013 06:48:39
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2124

Summary

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 4

  • Red Hat Enterprise Linux 5

Application

  • SquirrelMail -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=814671

MLIST - [oss-security] 20120420 CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

SECUNIA - 51730

REDHAT - RHSA-2013:0126

Related Patches

Red Hat 2013:0126-01 RHSA Low: squirrelmail security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 11:01:42