CVE-2006-0383

Current Description

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Basic Data

Published: February 24, 2006
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
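    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.3_r3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.3_rc1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.3a | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.4_rc1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4.6_rc1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Squirrelmail | Squirrelmail | 1.4_rc1 | * | * | * | * | * | * | * | | | |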

Vulnerable Software List

Vendor | Product | Versions
Squirrelmail | Squirrelmail | 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.3_r3, 1.4.3_rc1, 1.4.3a, 1.4.4, 1.4.4_rc1, 1.4.5, 1.4.6_rc1, 1.4_rc1

References

Name | Source | URL | Tags
20060501-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc |
18985 | SECUNIA | http://secunia.com/advisories/18985 | Vendor Advisory
19130 | SECUNIA | http://secunia.com/advisories/19130 |
19131 | SECUNIA | http://secunia.com/advisories/19131 |
19176 | SECUNIA | http://secunia.com/advisories/19176 |
19205 | SECUNIA | http://secunia.com/advisories/19205 |
19960 | SECUNIA | http://secunia.com/advisories/19960 |
20210 | SECUNIA | http://secunia.com/advisories/20210 |
1015662 | SECTRACK | http://securitytracker.com/id?1015662 | Patch
DSA-988 | DEBIAN | http://www.debian.org/security/2006/dsa-988 |
GLSA-200603-09 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml |
MDKSA-2006:049 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 |
SUSE-SR:2006:005 | SUSE | http://www.novell.com/linux/security/advisories/2006_05_sr.html |
FEDORA-2006-133 | FEDORA | http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html |
RHSA-2006:0283 | REDHAT | http://www.redhat.com/support/errata/RHSA-2006-0283.html |
16756 | BID | http://www.securityfocus.com/bid/16756 |
http://www.squirrelmail.org/security/issue/2006-02-15 | CONFIRM | http://www.squirrelmail.org/security/issue/2006-02-15 | Patch
ADV-2006-0689 | VUPEN | http://www.vupen.com/english/advisories/2006/0689 |
squirrelmail-mailbox-imap-injection(24849) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24849 |
oval:org.mitre.oval:def:11470 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470 |