Mandriva Update For Squirrelmail MDVSA-2010:158 (squirrelmail) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in squirrelmail: functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files (CVE-2010-2813). This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.

Affected

squirrelmail on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-2813
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:186 (firebird)
Mandrake Security Advisory MDVSA-2009:039 (gedit)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:047 (vim)

Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)

Take action and discover your vulnerabilities