CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| squirrelmail (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Hardy |
Fix Released
|
Low
|
Unassigned | ||
| Jaunty |
Fix Released
|
Low
|
Unassigned | ||
| Karmic |
Fix Released
|
Low
|
Unassigned | ||
| Lucid |
Fix Released
|
Low
|
Unassigned | ||
| Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: squirrelmail
Description from http://
A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall). As this vulnerability is only exploitable post-authentica
| visibility: | private → public |
| Changed in squirrelmail (Ubuntu): | |
| status: | New → In Progress |
| Changed in squirrelmail (Ubuntu Lucid): | |
| status: | New → In Progress |
| Changed in squirrelmail (Ubuntu Jaunty): | |
| status: | New → In Progress |
| Changed in squirrelmail (Ubuntu Hardy): | |
| status: | New → In Progress |
| Changed in squirrelmail (Ubuntu Karmic): | |
| status: | New → In Progress |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in squirrelmail (Ubuntu Maverick): | |
| status: | In Progress → Fix Released |
| Andreas Wenning (andreas-wenning) wrote | #2 |
| Changed in squirrelmail (Ubuntu Lucid): | |
| status: | In Progress → Confirmed |
| Andreas Wenning (andreas-wenning) wrote | #3 |
| Changed in squirrelmail (Ubuntu Karmic): | |
| status: | In Progress → Confirmed |
| Andreas Wenning (andreas-wenning) wrote | #4 |
| Changed in squirrelmail (Ubuntu Jaunty): | |
| status: | In Progress → Confirmed |
| Andreas Wenning (andreas-wenning) wrote | #5 |
| Changed in squirrelmail (Ubuntu Hardy): | |
| status: | In Progress → Confirmed |
| Jamie Strandboge (jdstrand) wrote | #6 |
| Changed in squirrelmail (Ubuntu Lucid): | |
| status: | Confirmed → Fix Committed |
| importance: | Undecided → Low |
| Changed in squirrelmail (Ubuntu Hardy): | |
| status: | Confirmed → Fix Committed |
| importance: | Undecided → Low |
| Changed in squirrelmail (Ubuntu Jaunty): | |
| status: | Confirmed → Fix Committed |
| importance: | Undecided → Low |
| Changed in squirrelmail (Ubuntu Karmic): | |
| status: | Confirmed → Fix Committed |
| importance: | Undecided → Low |
| Launchpad Janitor (janitor) wrote | #7 |
| Launchpad Janitor (janitor) wrote | #8 |
| Launchpad Janitor (janitor) wrote | #9 |
| Launchpad Janitor (janitor) wrote | #10 |
| Changed in squirrelmail (Ubuntu Hardy): | |
| status: | Fix Committed → Fix Released |
| Changed in squirrelmail (Ubuntu Jaunty): | |
| status: | Fix Committed → Fix Released |
| Changed in squirrelmail (Ubuntu Karmic): | |
| status: | Fix Committed → Fix Released |
| Changed in squirrelmail (Ubuntu Lucid): | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package squirrelmail - 2:1.4.20-1ubuntu1
---------------
squirrelmail (2:1.4.20-1ubuntu1) maverick; urgency=low
* SECURITY UPDATE: (LP: #598077)
* The Mail Fetch plugin allows remote authenticated users to bypass firewall
restrictions and use SquirrelMail as a proxy to scan internal networks via
a modified POP3 port number.
- http://
- CVE-2010-1637
- Patch taken from upstream svn rev. 13951. Applied inline.
-- Andreas Wenning <email address hidden> Thu, 24 Jun 2010 14:19:29 +0200