FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- random variable overwrite vulnerability

Affected packages
1.4.0 <= ja-squirrelmail < 1.4.8,2
1.4.0 <= squirrelmail < 1.4.8

Details

VuXML ID 21b7c550-2a22-11db-a6e2-000e0c2e438a
Discovery 2006-08-11
Entry 2006-08-12

The SquirrelMail developers report:

A logged-in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments.

References

CVE Name CVE-2006-4019
URL http://www.squirrelmail.org/security/issue/2006-08-11