SquirrelMail < 1.4.4 URI Parsing Arbitrary Code Execution

critical Nessus Network Monitor Plugin ID 2582

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4-Stable are vulnerable to a remote buffer overflow in the URI parsing functionality. To exploit this flaw, an attacker would only need to be able to send web requests to the vulnerable system.

Solution

Upgrade to version 1.4.4 or higher.

See Also

http://www.squirrelmail.org

Plugin Details

Severity: Critical

ID: 2582

Family: CGI

Published: 2/1/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squirrelmail:squirrelmail

Reference Information

CVE: CVE-2005-0152

BID: 12413