SquirrelMail IMAP Command Injection Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2006-0377
Fecha recomendada: 21 de julio de 2015
Descripción
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000208
Trend Micro Deep Security DPI Rule Name: 1000208 - SquirrelMail IMAP Command Injection Vulnerability
Software y versión afectados
- SquirrelMail SquirrelMail 1.4
- SquirrelMail SquirrelMail 1.4-rc1
- SquirrelMail SquirrelMail 1.4.1
- SquirrelMail SquirrelMail 1.4.2
- SquirrelMail SquirrelMail 1.4.3
- SquirrelMail SquirrelMail 1.4.3-rc1
- SquirrelMail SquirrelMail 1.4.3a
- SquirrelMail SquirrelMail 1.4.3r3
- SquirrelMail SquirrelMail 1.4.4
- SquirrelMail SquirrelMail 1.4.4-rc1
- SquirrelMail SquirrelMail 1.4.5
- SquirrelMail SquirrelMail 1.4.6-rc1