CVE-2006-4019 Information

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://attrition.org/pipermail/vim/2006-August/000970.html http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://marc.info/?l=full-disclosure&m=115532449024178&w=2 http://secunia.com/advisories/21354 http://secunia.com/advisories/21444 http://secunia.com/advisories/21586 http://secunia.com/advisories/22080 http://secunia.com/advisories/22104 http://secunia.com/advisories/22487 http://secunia.com/advisories/26235 http://securitytracker.com/id?1016689 http://www.debian.org/security/2006/dsa-1154 http://www.mandriva.com/security/advisories?name=MDKSA-2006:147 http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.osvdb.org/27917 http://www.redhat.com/support/errata/RHSA-2006-0668.html http://www.securityfocus.com/archive/1/442980/100/0/threaded http://www.securityfocus.com/archive/1/442993/100/0/threaded http://www.securityfocus.com/bid/19486 http://www.securityfocus.com/bid/25159 http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch http://www.squirrelmail.org/security/issue/2006-08-11 http://www.vupen.com/english/advisories/2006/3271 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/28365 https://issues.rpath.com/browse/RPL-577 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11533