ID CVE-2006-4019
Summary Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
References
Vulnerable Configurations
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.6
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.7
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.7
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.44
    cpe:2.3:a:squirrelmail:squirrelmail:1.44
CVSS
Base: 6.4 (as of 14-08-2006 - 08:58)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite. CVE-2006-4019. Webapps exploit for PHP platform
id EDB-ID:43839
last seen 2018-01-24
modified 2016-08-11
published 2016-08-11
reporter Exploit-DB
source https://www.exploit-db.com/download/43839/
title SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
nessus via4
  • NASL family CGI abuses
    NASL id SQUIRRELMAIL_SESSION_EXPIRED_POST_OVERWRITE.NASL
    description The installed version of SquirrelMail allows for restoring expired sessions in an unsafe manner. Using a specially crafted expired session and compose.php, a user can leverage this issue to take control of arbitrary variables used by the affected application, which can lead to other attacks against the system, such as reading or writing of arbitrary files on the system.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22230
    published 2006-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22230
    title SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0668.NASL
    description A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A dynamic variable evaluation flaw was found in SquirrelMail. Users who have an account on a SquirrelMail server and are logged in could use this flaw to overwrite variables which may allow them to read or write other users' preferences or attachments. (CVE-2006-4019) Users of SquirrelMail should upgrade to this erratum package, which contains SquirrelMail 1.4.8 to correct this issue. This package also contains a number of additional patches to correct various bugs. Note: After installing this update, users are advised to restart their httpd service to ensure that the new version functions correctly.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22450
    published 2006-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22450
    title CentOS 3 / 4 : squirrelmail (CESA-2006:0668)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_21B7C5502A2211DBA6E2000E0C2E438A.NASL
    description The SquirrelMail developers report : A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22209
    published 2006-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22209
    title FreeBSD : squirrelmail -- random variable overwrite vulnerability (21b7c550-2a22-11db-a6e2-000e0c2e438a)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0668.NASL
    description From Red Hat Security Advisory 2006:0668 : A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A dynamic variable evaluation flaw was found in SquirrelMail. Users who have an account on a SquirrelMail server and are logged in could use this flaw to overwrite variables which may allow them to read or write other users' preferences or attachments. (CVE-2006-4019) Users of SquirrelMail should upgrade to this erratum package, which contains SquirrelMail 1.4.8 to correct this issue. This package also contains a number of additional patches to correct various bugs. Note: After installing this update, users are advised to restart their httpd service to ensure that the new version functions correctly.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67409
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67409
    title Oracle Linux 4 : squirrelmail (ELSA-2006-0668)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1154.NASL
    description James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22696
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22696
    title Debian DSA-1154-1 : squirrelmail - variable overwriting
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0668.NASL
    description A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A dynamic variable evaluation flaw was found in SquirrelMail. Users who have an account on a SquirrelMail server and are logged in could use this flaw to overwrite variables which may allow them to read or write other users' preferences or attachments. (CVE-2006-4019) Users of SquirrelMail should upgrade to this erratum package, which contains SquirrelMail 1.4.8 to correct this issue. This package also contains a number of additional patches to correct various bugs. Note: After installing this update, users are advised to restart their httpd service to ensure that the new version functions correctly.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22463
    published 2006-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22463
    title RHEL 3 / 4 : squirrelmail (RHSA-2006:0668)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP - Quartz Composer - Samba - SquirrelMail - Tomcat - WebCore - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25830
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25830
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
oval via4
accepted 2013-04-29T04:14:36.438-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
family unix
id oval:org.mitre.oval:def:11533
status accepted
submitted 2010-07-09T03:56:16-04:00
title Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
version 24
redhat via4
advisories
bugzilla
id 202195
title CVE-2006-4019 Squirrelmail authenticated user variable overwriting
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0668
released 2006-09-26
severity Moderate
title RHSA-2006:0668: squirrelmail security update (Moderate)
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 19486
  • 25159
bugtraq
  • 20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack
  • 20060811 rPSA-2006-0152-1 squirrelmail
confirm
debian DSA-1154
fulldisc 20060811 rPSA-2006-0152-1 squirrelmail
mandriva MDKSA-2006:147
misc http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
osvdb 27917
sectrack 1016689
secunia
  • 21354
  • 21444
  • 21586
  • 22080
  • 22104
  • 22487
  • 26235
sgi 20061001-01-P
suse SUSE-SR:2006:023
vim 20060811 SquirrelMail issue is dynamic variable evaluation
vupen
  • ADV-2006-3271
  • ADV-2007-2732
xf squirrelmail-compose-variable-overwrite(28365)
Last major update 17-10-2016 - 23:40
Published 11-08-2006 - 17:04
Last modified 17-10-2018 - 17:32
Back to Top