Mandriva Update For Squirrelmail MDVSA-2010:158 (squirrelmail) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in squirrelmail: functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files (CVE-2010-2813). This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.

Affected

squirrelmail on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-2813

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:123 (opensc)
Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)

Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)

Take action and discover your vulnerabilities