CVE-2010-2813

Severity

50%

Complexity

99%

Confidentiality

48%

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 14 years ago

2010-08-19 18:00:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

SquirrelMail 1.4.0

1.4.0

SquirrelMail 1.4.1

1.4.1

SquirrelMail 1.4.2

1.4.2

SquirrelMail 1.4.3 Release Candidate 1

1.4.3

SquirrelMail 1.4.4 Release Candidate 1

1.4.4

SquirrelMail 1.4.5 Release Candidate 1

1.4.5

SquirrelMail 1.4.6 Release Candidate 1

1.4.6

SquirrelMail 1.4.7

1.4.7

SquirrelMail 1.4.8

1.4.8

SquirrelMail 1.4.10

1.4.10

SquirrelMail 1.4.13

1.4.13

SquirrelMail 1.4.15 Release Candidate 1

1.4.15

SquirrelMail 1.4.16

1.4.16

SquirrelMail 1.4.17

1.4.17

SquirrelMail 1.4.18

1.4.18

SquirrelMail 1.4.19

1.4.19

SquirrelMail

References

APPLE-SA-2012-02-01-1

FEDORA-2010-11410

FEDORA-2010-11422

RHSA-2012:0103

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972

http://support.apple.com/kb/HT5130

DSA-2091

42399

ADV-2010-2070

Vendor Advisory

ADV-2010-2080