Detections
Analytics

MiracleLinux 3 : squirrelmail-1.4.8-21.AXS3 (AXSA:2013-274:01)

high Nessus Plugin ID 289181

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-274:01 advisory.

 SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install.
 SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.
 Security issues fixed with this release:
 CVE-2012-2124 functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
 Fixed bugs:
 SquirrelMail now handles multi-line subjects properly.
 Attachments written in HTML on windows now display correctly.
 Previously e-mail messages with a UID larger than 2^31 bytes were unreadable. This has been fixed.
 A PHP script failed to assign the proper character set to requested variables and SquirrelMail could not display any e-mails. This has been fixed.
 Fixed the incorrect internationalization option located at the i18n.php file so that the GB 2312 character set works correctly.
 Fixed the spelling of the PREG_SPLIT_NI_EMPTY constant: its correct name is PREG_SPLIT_NO_EMPTY. This fixes some error messages.
 Added a note to the SquirrelMail documentation on how to set SELinux options to allow sending emails from the SquirrelMail web interface.
 SquirrelMail now complies with the RFC 2822 specification and attachments with lines longer than 998 characters can now be forwarded.
 Changed the dependencies on the php-common script so that it is now possible to install or upgrade SquirrelMail on systems using php53.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected squirrelmail package.

See Also

https://tsn.miraclelinux.com/en/node/3907

Plugin Details

Severity: High

ID: 289181

File Name: miracle_linux_AXSA-2013-274.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2012-2124

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:squirrelmail, cpe:/o:miracle:linux:3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/27/2013

Vulnerability Publication Date: 1/8/2013

Reference Information

CVE: CVE-2012-2124