Test ID:	1.3.6.1.4.1.25623.1.0.100688
Category:	Web application abuses
Title:	SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
Summary:	Determine if SquirrelMail version is < 1.4.21/1.5.2
Description:	Description: Overview: SquirrelMail is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks. This issue affects SquirrelMail 1.4.x versions. Solution: Updates are available. Please see the references for more information. References: https://www.securityfocus.com/bid/40291 http://permalink.gmane.org/gmane.comp.security.oss.general/2935 http://permalink.gmane.org/gmane.comp.security.oss.general/3064 http://permalink.gmane.org/gmane.comp.security.oss.general/2936 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://www.squirrelmail.org CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Cross-Ref:	BugTraq ID: 40291 Common Vulnerability Exposure (CVE) ID: CVE-2010-1637 http://www.openwall.com/lists/oss-security/2010/05/25/9 http://www.openwall.com/lists/oss-security/2010/05/25/3 http://www.openwall.com/lists/oss-security/2010/06/21/1 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 RedHat Security Advisories: RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html http://www.securityfocus.com/bid/40291 BugTraq ID: 40307 http://www.securityfocus.com/bid/40307 http://secunia.com/advisories/40307 http://www.vupen.com/english/advisories/2010/1535 http://www.vupen.com/english/advisories/2010/1536 http://www.vupen.com/english/advisories/2010/1554
Copyright	This script is Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 56160 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: