Jump to content
Sign in to follow this  

Advisories MDVSA-2010:158: squirrelmail

Recommended Posts

A vulnerability has been found and corrected in squirrelmail:


functions/imap_general.php in SquirrelMail before 1.4.21 does not

properly handle 8-bit characters in passwords, which allows remote

attackers to cause a denial of service (disk consumption) by making

many IMAP login attempts with different usernames, leading to the

creation of many preferences files (CVE-2010-2813).


This update provides squirrelmail 1.4.21, which is not vulnerable to

this issue.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...