CVE-2006-4019

MEDIUM

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://attrition.org/pipermail/vim/2006-August/000970.html

http://docs.info.apple.com/article.html?artnum=306172

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://marc.info/?l=full-disclosure&m=115532449024178&w=2

http://secunia.com/advisories/21354

http://secunia.com/advisories/21444

http://secunia.com/advisories/21586

http://secunia.com/advisories/22080

http://secunia.com/advisories/22104

http://secunia.com/advisories/22487

http://secunia.com/advisories/26235

http://securitytracker.com/id?1016689

http://www.debian.org/security/2006/dsa-1154

http://www.mandriva.com/security/advisories?name=MDKSA-2006:147

http://www.novell.com/linux/security/advisories/2006_23_sr.html

http://www.osvdb.org/27917

http://www.redhat.com/support/errata/RHSA-2006-0668.html

http://www.securityfocus.com/archive/1/442980/100/0/threaded

http://www.securityfocus.com/archive/1/442993/100/0/threaded

http://www.securityfocus.com/bid/19486

http://www.securityfocus.com/bid/25159

http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch

http://www.squirrelmail.org/security/issue/2006-08-11

http://www.vupen.com/english/advisories/2006/3271

http://www.vupen.com/english/advisories/2007/2732

https://exchange.xforce.ibmcloud.com/vulnerabilities/28365

https://issues.rpath.com/browse/RPL-577

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533

Details

Source: MITRE

Published: 2006-08-11

Updated: 2018-10-17

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM