Advisories MDVSA-2010:158: squirrelmail

[paul 9]

A vulnerability has been found and corrected in squirrelmail:

 

functions/imap_general.php in SquirrelMail before 1.4.21 does not

properly handle 8-bit characters in passwords, which allows remote

attackers to cause a denial of service (disk consumption) by making

many IMAP login attempts with different usernames, leading to the

creation of many preferences files (CVE-2010-2813).

 

This update provides squirrelmail 1.4.21, which is not vulnerable to

this issue.