CVE-2006-4019
Published 2006-08-11
Priority: P3 38 · severity medium · CVSS 2.0 base score 6.4
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploit: EPSS 9.23% (94.7th percentile)
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Affected
15 ranges are listed, all for vendor squirrelmail / product squirrelmail; the version range and fixed-in fields are empty in this listing.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squirrelmail | squirrelmail | — | — |
CVSS provenance
- nvd: v2.0, 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:P/A:N
- vendor_redhat: 6.4 MEDIUM
GHSA
GHSA-hx28-58mx-whmj: Dynamic variable evaluation vulnerability in compose
ghsa_unreviewed · 2022-05-03 · CVE-2006-4019 [MEDIUM]
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Red Hat
Security flaw
vendor_redhat · 2006-08-11 · CVSS 6.4 · CVE-2006-4019 [MEDIUM]
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
No detection rules found.
Bugzilla
CVE-2006-4019 security flaw
bugzilla · 2018-08-16 · CVSS 6.4 · CVE-2006-4019 [MEDIUM]
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Bugzilla
CVE-2006-4019 Squirrelmail authenticated user variable overwriting
bugzilla · 2006-08-15 · CVSS 6.4 · CVE-2006-4019 [MEDIUM]
For FC6
+++ This bug was initially created as a clone of Bug #202196 +++
Squirrelmail authenticated user variable overwriting
A bug was fixed in squirrelmail 1.4.8 which could allow a logged-in user to overwrite random variables in compose.php with arbitrary data. This may allow a user to read or write another user's preferences or mail attachments.
More information can be found here:
http://www.squirrelmail.org/security/issue/2006-08-11
-- Additional comment from [email protected] on 2006-08-15 12:40 EST --
squirrelmail-1.4.8-1.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Discussion:
1.4.8 wa
Bugzilla
CVE-2006-4019 Squirrelmail authenticated user variable overwriting
bugzilla · 2006-08-11 · CVSS 6.4 · CVE-2006-4019 [MEDIUM]
Squirrelmail authenticated user variable overwriting
A bug was fixed in squirrelmail 1.4.8 which could allow a logged-in user to overwrite random variables in compose.php with arbitrary data. This may allow a user to read or write another user's preferences or mail attachments.
More information can be found here:
http://www.squirrelmail.org/security/issue/2006-08-11
This issue also affects RHEL3
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does no
Bugzilla
CVE-2006-4019 Squirrelmail authenticated user variable overwriting
bugzilla · 2006-08-11 · CVSS 6.4 · CVE-2006-4019 [MEDIUM]
Squirrelmail authenticated user variable overwriting
A bug was fixed in squirrelmail 1.4.8 which could allow a logged-in user to overwrite random variables in compose.php with arbitrary data. This may allow a user to read or write another user's preferences or mail attachments.
More information can be found here:
http://www.squirrelmail.org/security/issue/2006-08-11
Discussion:
squirrelmail-1.4.8-1.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
CWE
CWE-914: Improper Control of Dynamically-Identified Variables
mitre_cwe · CVSS 6.4 · [MEDIUM]
The product does not properly restrict reading from or writing to dynamically-identified variables.
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Application Data. An attacker could modify sensitive data or program variables.
Scope: Integrity. Impact: Execute Unauthorized Code or Commands.
Scope: Other, Integrity. Impact: Varies by Context, Alter Exec
CWE
CWE-627: Dynamic Variable Evaluation
mitre_cwe · CVSS 6.4 · [MEDIUM]
In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.
The resultant vulnerabilities depend on the behavior of the application, both at the crossover point and in any control/data flow that is reachable by the related variables or functions.
Background: Many interpreted languages support the use of a "$$varname" construct to set a variable whose name is specified by the $varname variable. In PHP, these are referred to as "variable variables." Functions might also be invoked using similar syntax, such as $$funcname(arg1, arg2).
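To make the "variable variables" hazard concrete, here is an added PHP illustration (written for this page, not code from SquirrelMail or from MITRE). It contrasts a routine that assigns every request key through `$$name`, so a client-supplied field can replace a local such as `$username` that came from the session, with a hardened version that accepts only an allowlist of keys and stores them in a dedicated array. The function names, the `$request` array and the field names are constructed for the example.

```php
<?php
// Added illustration of CWE-627 (not SquirrelMail code). The same constructed
// request is handled by a vulnerable and a hardened preference-loading routine.

// Constructed request parameters, shaped like what PHP exposes in $_POST.
// 'sort_order' is an expected field; 'username' collides with server-side state.
$request = [
    'sort_order' => 'desc',
    'username'   => 'someone_else',
];

function vulnerable_load(array $request): array
{
    $username   = 'alice';   // taken from the authenticated session
    $sort_order = 'asc';     // default preference
    // Dangerous: every request key becomes a variable name ($$name), so the
    // client can overwrite $username and any other local in this scope.
    foreach ($request as $name => $value) {
        $$name = $value;
    }
    return ['username' => $username, 'sort_order' => $sort_order];
}

function hardened_load(array $request): array
{
    $username = 'alice';     // taken from the authenticated session
    $prefs    = ['sort_order' => 'asc'];
    // Only explicitly allowlisted keys are accepted, and they are written into
    // a dedicated array rather than into the function's variable table.
    $allowed = ['sort_order' => true];
    foreach ($request as $name => $value) {
        if (isset($allowed[$name])) {
            $prefs[$name] = (string) $value;
        }
    }
    return ['username' => $username] + $prefs;
}

var_dump(vulnerable_load($request));
var_dump(hardened_load($request));
```

Running it shows the vulnerable routine returning the attacker-chosen username while the hardened one keeps the session value. The same overwrite happens when request data is passed to PHP's `extract()` without a restricting flag; if `extract()` must be used, the `EXTR_SKIP` or `EXTR_PREFIX_ALL` flags prevent existing variables from being replaced, but an explicit allowlist like the one above is the clearer control.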
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Co
References
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://attrition.org/pipermail/vim/2006-August/000970.html
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://marc.info/?l=full-disclosure&m=115532449024178&w=2
- http://secunia.com/advisories/21354
- http://secunia.com/advisories/21444
- http://secunia.com/advisories/21586
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/22104
- http://secunia.com/advisories/22487
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1016689
- http://www.debian.org/security/2006/dsa-1154
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.osvdb.org/27917
- http://www.redhat.com/support/errata/RHSA-2006-0668.html
- http://www.securityfocus.com/archive/1/442980/100/0/threaded
- http://www.securityfocus.com/archive/1/442993/100/0/threaded
- http://www.securityfocus.com/bid/19486
- http://www.securityfocus.com/bid/25159
- http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
- http://www.squirrelmail.org/security/issue/2006-08-11
- http://www.vupen.com/english/advisories/2006/3271
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
- https://issues.rpath.com/browse/RPL-577
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
Published: 2006-08-11