CVE-2006-4019

Published: Aug 11, 2006Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Affected (15)

Products: Squirrelmail: Squirrelmail

Squirrelmail

1 product

Squirrelmail

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Version 1.4.0
Squirrelmail Squirrelmail	Version 1.4.1
Squirrelmail Squirrelmail	Version 1.4.2
Squirrelmail Squirrelmail	Version 1.4.3
Squirrelmail Squirrelmail	Version 1.4.3_r3
Squirrelmail Squirrelmail	Version 1.4.3_rc1
Squirrelmail Squirrelmail	Version 1.4.3a
Squirrelmail Squirrelmail	Version 1.4.4
Squirrelmail Squirrelmail	Version 1.4.4_rc1
Squirrelmail Squirrelmail	Version 1.4.5
Squirrelmail Squirrelmail	Version 1.4.6
Squirrelmail Squirrelmail	Version 1.4.6_rc1
Squirrelmail Squirrelmail	Version 1.4.7
Squirrelmail Squirrelmail	Version 1.44
Squirrelmail Squirrelmail	Version 1.4_rc1

References (58)

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://attrition.org/pipermail/vim/2006-August/000970.html

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306172

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Source: cve@mitre.org

http://marc.info/?l=full-disclosure&m=115532449024178&w=2

Source: cve@mitre.org

http://secunia.com/advisories/21354

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/21444

Source: cve@mitre.org

http://secunia.com/advisories/21586

Source: cve@mitre.org

http://secunia.com/advisories/22080

Source: cve@mitre.org

http://secunia.com/advisories/22104

Source: cve@mitre.org

http://secunia.com/advisories/22487

Source: cve@mitre.org

http://secunia.com/advisories/26235

Source: cve@mitre.org

http://securitytracker.com/id?1016689

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1154

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:147

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_23_sr.html

Source: cve@mitre.org

http://www.osvdb.org/27917

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0668.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/442980/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/442993/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19486

Source: cve@mitre.org

http://www.securityfocus.com/bid/25159

Source: cve@mitre.org

http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch

Source: cve@mitre.org

Patch

http://www.squirrelmail.org/security/issue/2006-08-11

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/3271

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2732

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28365

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-577

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc (unsafe URL)