SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Bugtraq ID: 40291
Class: Design Error
CVE: CVE-2010-1637
Remote: Yes
Local: No
Published: May 20 2010 12:00AM
Updated: Feb 09 2012 05:40PM
Credit: <br>TEHTRI-Security
Vulnerable: SquirrelMail SquirrelMail 1.5.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.5 Development Version
SquirrelMail SquirrelMail 1.4.19
SquirrelMail SquirrelMail 1.4.18
SquirrelMail SquirrelMail 1.4.17
SquirrelMail SquirrelMail 1.4.16
SquirrelMail SquirrelMail 1.4.15
SquirrelMail SquirrelMail 1.4.12
SquirrelMail SquirrelMail 1.4.11
SquirrelMail SquirrelMail 1.4.9 a
+ Debian Linux 4.0
SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.7
SquirrelMail SquirrelMail 1.4.6 -rc1
SquirrelMail SquirrelMail 1.4.6 -cvs
SquirrelMail SquirrelMail 1.4.6
SquirrelMail SquirrelMail 1.4.5
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.4.4 RC1
SquirrelMail SquirrelMail 1.4.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.3 r3
+ Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 a
+ Conectiva Linux 9.0
+ Red Hat Fedora Core3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.3
SquirrelMail SquirrelMail 1.4.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4 RC1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.4.20 RC2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Fedora 13
Red Hat Fedora 12
Red Hat Fedora 11
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
Oracle Enterprise Linux 4
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6
Not Vulnerable: SquirrelMail SquirrelMail 1.5.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.21
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Red Hat Fedora Core2


 

Privacy Statement
Copyright 2010, SecurityFocus