Main Vulnerability Database Vulnerabilities #VU44885

Code Injection in SquirrelMail - CVE-2011-2752

Published: July 17, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44885

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-2752

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SquirrelMail Development Team

Affected software:
SquirrelMail

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a (newline) character, a different vulnerability than CVE-2010-4555.

How to mitigate CVE-2011-2752

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
http://www.squirrelmail.org/security/issue/2011-07-11
https://exchange.xforce.ibmcloud.com/vulnerabilities/68587

Code Injection in SquirrelMail - CVE-2011-2752

Detailed vulnerability description

How to mitigate CVE-2011-2752

Sources

Please verify you're human