VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1637

squirrelmail: The Mail Fetch plugin in SquirrelMail 1.4.20 and ea...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1637

Original

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-22

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-23

Affected Product Tags

cpe:/a:squirrelmail:squirrelmail:0.1

cpe:/a:squirrelmail:squirrelmail:0.1.1

cpe:/a:squirrelmail:squirrelmail:0.1.2

cpe:/a:squirrelmail:squirrelmail:0.2

cpe:/a:squirrelmail:squirrelmail:0.2.1

cpe:/a:squirrelmail:squirrelmail:0.3

cpe:/a:squirrelmail:squirrelmail:0.3.1

cpe:/a:squirrelmail:squirrelmail:0.3pre1

cpe:/a:squirrelmail:squirrelmail:0.3pre2

cpe:/a:squirrelmail:squirrelmail:0.4

cpe:/a:squirrelmail:squirrelmail:0.4pre1

cpe:/a:squirrelmail:squirrelmail:0.4pre2

cpe:/a:squirrelmail:squirrelmail:0.5

cpe:/a:squirrelmail:squirrelmail:0.5pre1

cpe:/a:squirrelmail:squirrelmail:0.5pre2

cpe:/a:squirrelmail:squirrelmail:1.0

cpe:/a:squirrelmail:squirrelmail:1.0.1

cpe:/a:squirrelmail:squirrelmail:1.0.2

cpe:/a:squirrelmail:squirrelmail:1.0.3

cpe:/a:squirrelmail:squirrelmail:1.0.4

cpe:/a:squirrelmail:squirrelmail:1.0.5

cpe:/a:squirrelmail:squirrelmail:1.0.6

cpe:/a:squirrelmail:squirrelmail:1.0pre1

cpe:/a:squirrelmail:squirrelmail:1.0pre2

cpe:/a:squirrelmail:squirrelmail:1.0pre3

cpe:/a:squirrelmail:squirrelmail:1.1.0

cpe:/a:squirrelmail:squirrelmail:1.1.1

cpe:/a:squirrelmail:squirrelmail:1.1.2

cpe:/a:squirrelmail:squirrelmail:1.1.3

cpe:/a:squirrelmail:squirrelmail:1.2

cpe:/a:squirrelmail:squirrelmail:1.2.0

cpe:/a:squirrelmail:squirrelmail:1.2.0:rc3

cpe:/a:squirrelmail:squirrelmail:1.2.1

cpe:/a:squirrelmail:squirrelmail:1.2.10

cpe:/a:squirrelmail:squirrelmail:1.2.11

cpe:/a:squirrelmail:squirrelmail:1.2.2

cpe:/a:squirrelmail:squirrelmail:1.2.3

cpe:/a:squirrelmail:squirrelmail:1.2.4

cpe:/a:squirrelmail:squirrelmail:1.2.5

cpe:/a:squirrelmail:squirrelmail:1.2.6

cpe:/a:squirrelmail:squirrelmail:1.2.6:rc1

cpe:/a:squirrelmail:squirrelmail:1.2.7

cpe:/a:squirrelmail:squirrelmail:1.2.8

cpe:/a:squirrelmail:squirrelmail:1.2.9

cpe:/a:squirrelmail:squirrelmail:1.3.0

cpe:/a:squirrelmail:squirrelmail:1.3.1

cpe:/a:squirrelmail:squirrelmail:1.3.2

cpe:/a:squirrelmail:squirrelmail:1.4

cpe:/a:squirrelmail:squirrelmail:1.4.0

cpe:/a:squirrelmail:squirrelmail:1.4.0-r1

cpe:/a:squirrelmail:squirrelmail:1.4.0:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.0:rc2a

cpe:/a:squirrelmail:squirrelmail:1.4.1

cpe:/a:squirrelmail:squirrelmail:1.4.10

cpe:/a:squirrelmail:squirrelmail:1.4.10a

cpe:/a:squirrelmail:squirrelmail:1.4.11

cpe:/a:squirrelmail:squirrelmail:1.4.12

cpe:/a:squirrelmail:squirrelmail:1.4.13

cpe:/a:squirrelmail:squirrelmail:1.4.15

cpe:/a:squirrelmail:squirrelmail:1.4.15:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.16

cpe:/a:squirrelmail:squirrelmail:1.4.17

cpe:/a:squirrelmail:squirrelmail:1.4.18

cpe:/a:squirrelmail:squirrelmail:1.4.19

cpe:/a:squirrelmail:squirrelmail:1.4.2

cpe:/a:squirrelmail:squirrelmail:1.4.2-r1

cpe:/a:squirrelmail:squirrelmail:1.4.2-r2

cpe:/a:squirrelmail:squirrelmail:1.4.2-r3

cpe:/a:squirrelmail:squirrelmail:1.4.2-r4

cpe:/a:squirrelmail:squirrelmail:1.4.2-r5

cpe:/a:squirrelmail:squirrelmail:1.4.20 and previous versions

cpe:/a:squirrelmail:squirrelmail:1.4.3

cpe:/a:squirrelmail:squirrelmail:1.4.3:r3

cpe:/a:squirrelmail:squirrelmail:1.4.3:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.3a

cpe:/a:squirrelmail:squirrelmail:1.4.3aa

cpe:/a:squirrelmail:squirrelmail:1.4.4

cpe:/a:squirrelmail:squirrelmail:1.4.4:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1

cpe:/a:squirrelmail:squirrelmail:1.4.5

cpe:/a:squirrelmail:squirrelmail:1.4.5:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.6

cpe:/a:squirrelmail:squirrelmail:1.4.6:rc1

cpe:/a:squirrelmail:squirrelmail:1.4.7

cpe:/a:squirrelmail:squirrelmail:1.4.8

cpe:/a:squirrelmail:squirrelmail:1.4.8.4fc6

cpe:/a:squirrelmail:squirrelmail:1.4.9

cpe:/a:squirrelmail:squirrelmail:1.4.9a

cpe:/a:squirrelmail:squirrelmail:1.44

cpe:/a:squirrelmail:squirrelmail:1.4:rc1

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://squirrelmail.org/security/issue/2010-06-21

MISC http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

MISC http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

MLIST [oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail

MLIST [oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)