CVE-2006-0377 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0377
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0377

Description: CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24849 SUSE http://www.novell.com/linux/security/advisories/2006_05_sr.html ST 1015662 SGI SAID Secunia Advisory: SA18985 Secunia Advisory: SA19131 Secunia Advisory: SA19130 Secunia Advisory: SA19176 Secunia Advisory: SA19205 Secunia Advisory: SA19960 Secunia Advisory: SA20210 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0283.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:049 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html DEBIAN http://www.debian.org/security/2006/dsa-988 CONFIRM http://www.squirrelmail.org/security/issue/2006-02-15 BID 16756

Return to the previous page.