CVE-2006-4019
First published: Fri Aug 11 2006(Updated: )
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SquirrelMail | =1.4.2 | |
| SquirrelMail | =1.4.6_rc1 | |
| SquirrelMail | =1.4.3_r3 | |
| SquirrelMail | =1.4.6 | |
| SquirrelMail | =1.4.7 | |
| SquirrelMail | =1.4.3_rc1 | |
| SquirrelMail | =1.4.4_rc1 | |
| SquirrelMail | =1.4.3 | |
| SquirrelMail | =1.4.1 | |
| SquirrelMail | =1.4.0 | |
| SquirrelMail | =1.44 | |
| SquirrelMail | =1.4.3a | |
| SquirrelMail | =1.4_rc1 | |
| SquirrelMail | =1.4.4 | |
| SquirrelMail | =1.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.squirrelmail.org/security/issue/2006-08-11
- http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
- http://secunia.com/advisories/21354
- http://attrition.org/pipermail/vim/2006-August/000970.html
- https://issues.rpath.com/browse/RPL-577
- http://www.securityfocus.com/bid/19486
- http://www.osvdb.org/27917
- http://securitytracker.com/id?1016689
- http://secunia.com/advisories/21444
- http://www.debian.org/security/2006/dsa-1154
- http://secunia.com/advisories/21586
- http://www.redhat.com/support/errata/RHSA-2006-0668.html
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://secunia.com/advisories/22104
- http://secunia.com/advisories/22487
- http://secunia.com/advisories/22080
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
- http://www.securityfocus.com/bid/25159
- http://secunia.com/advisories/26235
- http://www.vupen.com/english/advisories/2007/2732
- http://www.vupen.com/english/advisories/2006/3271
- http://marc.info/?l=full-disclosure&m=115532449024178&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
- http://www.securityfocus.com/archive/1/442993/100/0/threaded
- http://www.securityfocus.com/archive/1/442980/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4019?
CVE-2006-4019 is considered a critical vulnerability due to its potential to compromise user data and account integrity.
How do I fix CVE-2006-4019?
To fix CVE-2006-4019, upgrade SquirrelMail to version 1.4.8 or later, which addresses this vulnerability.
Which versions of SquirrelMail are affected by CVE-2006-4019?
CVE-2006-4019 affects SquirrelMail versions 1.4.0 to 1.4.7.
What types of attacks can exploit CVE-2006-4019?
CVE-2006-4019 can be exploited by remote attackers to overwrite arbitrary program variables leading to unauthorized access to user attachments and preferences.
Is there a patch available for CVE-2006-4019?
Yes, a patch is available for CVE-2006-4019 that can be applied to the affected versions of SquirrelMail.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/squirrelmail
- canonical/squirrelmail
- version/squirrelmail/1.4.2
- version/squirrelmail/1.4.6_rc1
- version/squirrelmail/1.4.3_r3
- version/squirrelmail/1.4.6
- version/squirrelmail/1.4.7
- version/squirrelmail/1.4.3_rc1
- version/squirrelmail/1.4.4_rc1
- version/squirrelmail/1.4.3
- version/squirrelmail/1.4.1
- version/squirrelmail/1.4.0
- version/squirrelmail/1.44
- version/squirrelmail/1.4.3a
- version/squirrelmail/1.4_rc1
- version/squirrelmail/1.4.4
- version/squirrelmail/1.4.5