ID CVE-2006-2842
Summary ** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
References
Vulnerable Configurations
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.6
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1
CVSS
Base: 7.5 (as of 06-06-2006 - 17:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Squirrelmail 1.4.x Redirect.PHP Local File Include Vulnerability. CVE-2006-2842. Webapps exploit for php platform
id EDB-ID:27948
last seen 2016-02-03
modified 2006-06-02
published 2006-06-02
reporter brokejunker
source https://www.exploit-db.com/download/27948/
title Squirrelmail 1.4.x Redirect.PHP Local File Include Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SQUIRRELMAIL-1837.NASL
    description This update fixes a local file inclusion problem in the squirrelmail webmail frontend. The issue is tracked by the Mitre CVE ID CVE-2006-2842.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27454
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27454
    title openSUSE 10 Security Update : squirrelmail (squirrelmail-1837)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0547.NASL
    description An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found in the way SquirrelMail loads plugins. In SquirrelMail 1.4.6 or earlier, if register_globals is on and magic_quotes_gpc is off, it became possible for an unauthenticated remote user to view the contents of arbitrary local files the web server has read-access to. This configuration is neither default nor safe, and configuring PHP with the register_globals set on is dangerous and not recommended. (CVE-2006-2842) Users of SquirrelMail should upgrade to this erratum package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22001
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22001
    title CentOS 3 / 4 : squirrelmail (CESA-2006:0547)
  • NASL family CGI abuses
    NASL id SQUIRRELMAIL_PLUGINS_FILE_INCLUDE.NASL
    description The version of SquirrelMail installed on the remote web server fails to properly sanitize user-supplied input to the 'plugins' parameter of the 'functions/plugin.php' script before using it in a PHP 'include_once()' function. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21630
    published 2006-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21630
    title SquirrelMail plugin.php plugins Parameter Local File Inclusion
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0547.NASL
    description An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found in the way SquirrelMail loads plugins. In SquirrelMail 1.4.6 or earlier, if register_globals is on and magic_quotes_gpc is off, it became possible for an unauthenticated remote user to view the contents of arbitrary local files the web server has read-access to. This configuration is neither default nor safe, and configuring PHP with the register_globals set on is dangerous and not recommended. (CVE-2006-2842) Users of SquirrelMail should upgrade to this erratum package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 21915
    published 2006-07-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21915
    title RHEL 3 / 4 : squirrelmail (RHSA-2006:0547)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP - Quartz Composer - Samba - SquirrelMail - Tomcat - WebCore - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25830
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25830
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
oval via4
accepted 2013-04-29T04:15:16.795-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description ** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
family unix
id oval:org.mitre.oval:def:11670
status accepted
submitted 2010-07-09T03:56:16-04:00
title ** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
version 23
redhat via4
advisories
bugzilla
id 194283
title CVE-2006-2842 Squirrelmail file inclusion
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0547
released 2006-07-03
severity Moderate
title RHSA-2006:0547: squirrelmail security update (Moderate)
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 18231
  • 25159
bugtraq 20060601 Squirrelmail local file inclusion
confirm
mandriva MDKSA-2006:101
sectrack 1016209
secunia
  • 20406
  • 20931
  • 21159
  • 21262
  • 26235
sgi 20060703-01-P
suse SUSE-SR:2006:017
vupen
  • ADV-2006-2101
  • ADV-2007-2732
Last major update 07-03-2011 - 21:37
Published 06-06-2006 - 16:06
Last modified 18-10-2018 - 12:43
Back to Top