What is the severity of CVE-2010-2813?

CVE-2010-2813 has a medium severity level as it can lead to a denial of service due to excessive disk space consumption.

How do I fix CVE-2010-2813?

To fix CVE-2010-2813, upgrade SquirrelMail to a version that addresses this vulnerability, specifically versions higher than 1.4.20.

What affected software versions are vulnerable to CVE-2010-2813?

Versions of SquirrelMail prior to 1.4.20, including 1.4.0 through 1.4.19, are affected by CVE-2010-2813.

How does CVE-2010-2813 work?

CVE-2010-2813 exploits the way SquirrelMail handles random login attempts using 8-bit characters in passwords.

Can CVE-2010-2813 be exploited remotely?

Yes, CVE-2010-2813 can be exploited remotely by attackers sending random login attempts to the SquirrelMail service.

Vulnerability/
CVE-2010-2813

medium

CWE

399

26/7/2010

19/8/2010

24/2/2021

CVE-2010-2813

First published: Mon Jul 26 2010(Updated: )

A denial of service flaw was found in the way SquirrelMail processed random login attempts with 8-bit characters in the password. A remote attacker could use this flaw to cause the server system potentially to run out of the hard disk space via random login attempts, causing SquirrelMail temporarily to accept the login and create a preferences file for the given username. References: [1] <a href="http://www.squirrelmail.org/security/issue/2010-07-23">http://www.squirrelmail.org/security/issue/2010-07-23</a> Upstream patch: [2] <a href="http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972">http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972</a> Affected Versions: <= v1.4.20 Register Globals: Register_globals does not have to be on for this issue. Credit: Issue discovered by Mikhail Goriachev

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SquirrelMail	<=1.4.20
SquirrelMail	=1.4
SquirrelMail	=1.4-rc1
SquirrelMail	=1.4.0
SquirrelMail	=1.4.0-rc1
SquirrelMail	=1.4.0-rc2a
SquirrelMail	=1.4.0-r1
SquirrelMail	=1.4.0_rc1
SquirrelMail	=1.4.0_rc2a
SquirrelMail	=1.4.1
SquirrelMail	=1.4.2
SquirrelMail	=1.4.2-r1
SquirrelMail	=1.4.2-r2
SquirrelMail	=1.4.2-r3
SquirrelMail	=1.4.2-r4
SquirrelMail	=1.4.2-r5
SquirrelMail	=1.4.3
SquirrelMail	=1.4.3-r3
SquirrelMail	=1.4.3-rc1
SquirrelMail	=1.4.3_r3
SquirrelMail	=1.4.3_rc1
SquirrelMail	=1.4.3_rc1-r1
SquirrelMail	=1.4.3a
SquirrelMail	=1.4.3aa
SquirrelMail	=1.4.4
SquirrelMail	=1.4.4-rc1
SquirrelMail	=1.4.4_rc1
SquirrelMail	=1.4.5
SquirrelMail	=1.4.5-rc1
SquirrelMail	=1.4.5_rc1
SquirrelMail	=1.4.6
SquirrelMail	=1.4.6-rc1
SquirrelMail	=1.4.6_cvs
SquirrelMail	=1.4.6_rc1
SquirrelMail	=1.4.7
SquirrelMail	=1.4.8
SquirrelMail	=1.4.8.4fc6
SquirrelMail	=1.4.9
SquirrelMail	=1.4.9a
SquirrelMail	=1.4.10
SquirrelMail	=1.4.10a
SquirrelMail	=1.4.11
SquirrelMail	=1.4.12
SquirrelMail	=1.4.13
SquirrelMail	=1.4.15
SquirrelMail	=1.4.15-rc1
SquirrelMail	=1.4.15_rc1
SquirrelMail	=1.4.15rc1
SquirrelMail	=1.4.16
SquirrelMail	=1.4.17
SquirrelMail	=1.4.18
SquirrelMail	=1.4.19
SquirrelMail	=1.4_rc1
SquirrelMail	=1.44

Remedy

http://squirrelmail.org/security/issue/2010-07-23

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2813?
CVE-2010-2813 has a medium severity level as it can lead to a denial of service due to excessive disk space consumption.
How do I fix CVE-2010-2813?
To fix CVE-2010-2813, upgrade SquirrelMail to a version that addresses this vulnerability, specifically versions higher than 1.4.20.
What affected software versions are vulnerable to CVE-2010-2813?
Versions of SquirrelMail prior to 1.4.20, including 1.4.0 through 1.4.19, are affected by CVE-2010-2813.
How does CVE-2010-2813 work?
CVE-2010-2813 exploits the way SquirrelMail handles random login attempts using 8-bit characters in passwords.
Can CVE-2010-2813 be exploited remotely?
Yes, CVE-2010-2813 can be exploited remotely by attackers sending random login attempts to the SquirrelMail service.

collector/redhat-bugzilla
alias/CVE-2010-2813
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
agent/weakness
agent/references
agent/severity
agent/remedy
agent/author
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/squirrelmail
canonical/squirrelmail
version/squirrelmail/1.4.20
version/squirrelmail/1.4
version/squirrelmail/1.4-rc1
version/squirrelmail/1.4.0
version/squirrelmail/1.4.0-rc1
version/squirrelmail/1.4.0-rc2a
version/squirrelmail/1.4.0-r1
version/squirrelmail/1.4.0_rc1
version/squirrelmail/1.4.0_rc2a
version/squirrelmail/1.4.1
version/squirrelmail/1.4.2
version/squirrelmail/1.4.2-r1
version/squirrelmail/1.4.2-r2
version/squirrelmail/1.4.2-r3
version/squirrelmail/1.4.2-r4
version/squirrelmail/1.4.2-r5
version/squirrelmail/1.4.3
version/squirrelmail/1.4.3-r3
version/squirrelmail/1.4.3-rc1
version/squirrelmail/1.4.3_r3
version/squirrelmail/1.4.3_rc1
version/squirrelmail/1.4.3_rc1-r1
version/squirrelmail/1.4.3a
version/squirrelmail/1.4.3aa
version/squirrelmail/1.4.4
version/squirrelmail/1.4.4-rc1
version/squirrelmail/1.4.4_rc1
version/squirrelmail/1.4.5
version/squirrelmail/1.4.5-rc1
version/squirrelmail/1.4.5_rc1
version/squirrelmail/1.4.6
version/squirrelmail/1.4.6-rc1
version/squirrelmail/1.4.6_cvs
version/squirrelmail/1.4.6_rc1
version/squirrelmail/1.4.7
version/squirrelmail/1.4.8
version/squirrelmail/1.4.8.4fc6
version/squirrelmail/1.4.9
version/squirrelmail/1.4.9a
version/squirrelmail/1.4.10
version/squirrelmail/1.4.10a
version/squirrelmail/1.4.11
version/squirrelmail/1.4.12
version/squirrelmail/1.4.13
version/squirrelmail/1.4.15
version/squirrelmail/1.4.15-rc1
version/squirrelmail/1.4.15_rc1
version/squirrelmail/1.4.15rc1
version/squirrelmail/1.4.16
version/squirrelmail/1.4.17
version/squirrelmail/1.4.18
version/squirrelmail/1.4.19
version/squirrelmail/1.4_rc1
version/squirrelmail/1.44