SquirrelMail  

Security

Variable overwriting in compose.php

Date:
2006-08-11
Description:
A logged-in user could overwrite arbitrary variables in compose.php, which might make it possible to read/write other users' preferences or attachments.

The function containing the bug was already broken in the latest release of SquirrelMail, so the simplest fix is to remove that function entirely if you don't need it. The patch below restores the functionality (resuming a compose session after the user's session expired) and fixes the hole.
Affected Versions:
1.4.0 - 1.4.7
Register Globals:
register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2006-4019
Patch:
view patch
Credits:
James Bercegay of GulfTech Security Research
This page last updated:
2006-08-11 13:40:42
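
The general bug class behind this advisory, variable overwriting while restoring saved form data, is shown below next to an allowlist-based restore. This is an added example, not SquirrelMail's code or its patch; the function names, field names and sample data are constructed, and it assumes the restore step copies saved compose-form fields back into script variables.

```php
<?php
// Added illustration of the bug class. All names here are hypothetical.

// Unsafe restore: each key of the saved form data is used as a variable
// name, so the submitter decides which variable gets written.
function restore_compose_unsafe(array $saved): array
{
    $username = 'alice';                 // stands in for the authenticated user
    foreach ($saved as $name => $value) {
        $$name = $value;                 // variable variable: key picks the target
    }
    return ['username' => $username, 'subject' => $subject ?? ''];
}

// Hardened restore: only known compose fields are copied, into an array
// rather than into the surrounding scope, and only if they are strings.
const COMPOSE_FIELDS = ['send_to', 'subject', 'body'];

function restore_compose_safe(array $saved): array
{
    $username = 'alice';                 // never touched by the restore loop
    $form = [];
    foreach (COMPOSE_FIELDS as $field) {
        $form[$field] = (isset($saved[$field]) && is_string($saved[$field]))
            ? $saved[$field]
            : '';
    }
    return ['username' => $username] + $form;
}

// Constructed sample: a saved compose form carrying one extra key that
// matches an internal variable name.
$saved = [
    'subject'  => 'Quarterly report',
    'body'     => 'Draft text',
    'username' => 'bob',
];

// The extra key replaces $username in the unsafe version and is ignored
// by the hardened one.
echo 'unsafe username: ', restore_compose_unsafe($saved)['username'], PHP_EOL;
echo 'safe username:   ', restore_compose_safe($saved)['username'], PHP_EOL;
```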
© 1999-2010 by The SquirrelMail Project Team