SquirrelMail < 1.4.4 URI Parsing Arbitrary Code Execution
Critical Nessus Network Monitor Plugin ID 2582
Synopsis
The remote host is vulnerable to a buffer overflow.

Description
The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4-Stable are vulnerable to a remote buffer overflow within the URI parsing functionality of SquirrelMail. An attacker exploiting this flaw would only need to be able to send web requests to the vulnerable system.

Solution
Upgrade to version 1.4.4 or higher.