Vulnerability Name:

CVE-2010-1637 (CCN-59679)

Assigned: 2010-05-20
Published: 2010-05-20
Updated: 2012-02-14
Summary: The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
3.5 Low (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Obtain Information
References: Source: MISC
Type: UNKNOWN
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69

Source: MITRE
Type: CNA
CVE-2010-1637

Source: APPLE
Type: UNKNOWN
APPLE-SA-2012-02-01-1

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-10244

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-10259

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-10264

Source: CCN
Type: RHSA-2012-0103
Moderate: squirrelmail security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0103

Source: CCN
Type: SA40307
SquirrelMail Mail Fetch Plugin Weakness

Source: SECUNIA
Type: UNKNOWN
40307

Source: CONFIRM
Type: Patch, Vendor Advisory
http://squirrelmail.org/security/issue/2010-06-21

Source: MISC
Type: UNKNOWN
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

Source: MISC
Type: Patch
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

Source: CCN
Type: SquirrelMail SCM Repository
Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT5130

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:120

Source: MLIST
Type: UNKNOWN
[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail

Source: MLIST
Type: UNKNOWN
[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail

Source: MLIST
Type: Patch
[oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail

Source: CCN
Type: OSVDB ID: 65696
SquirrelMail Mail Fetch Plugin Modified POP3 Port Number Access Restriction Bypass

Source: BID
Type: UNKNOWN
40291

Source: CCN
Type: BID-40291
SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Source: BID
Type: UNKNOWN
40307

Source: CCN
Type: Squirrelmail Web Site
Mail Fetch plugin as network scanner

Source: VUPEN
Type: UNKNOWN
ADV-2010-1535

Source: VUPEN
Type: UNKNOWN
ADV-2010-1536

Source: VUPEN
Type: UNKNOWN
ADV-2010-1554

Source: XF
Type: UNKNOWN
squirelmail-mailfetch-info-disc(59679)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* (Version <= 1.4.20)
  • OR cpe:/a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable

    Oval Definitions
    Definition ID                    | Class | Title                                                      | Last Modified
    oval:org.mitre.oval:def:23175    | P     | ELSA-2012:0103: squirrelmail security update (Moderate)    | 2014-05-26
    oval:org.mitre.oval:def:21288    | P     | RHSA-2012:0103: squirrelmail security update (Moderate)    | 2014-02-24
    oval:com.redhat.rhsa:def:20120103 | P    | RHSA-2012:0103: squirrelmail security update (Moderate)    | 2012-02-08