CVE-2009-2964

2009-08-2500:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.7%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail
1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to
hijack the authentication of unspecified victims via features such as send
message and change preferences, related to (1)
functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3)
src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6)
src/folders_create.php, (7) src/folders_delete.php, (8)
src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10)
src/folders_subscribe.php, (11) src/move_messages.php, (12)
src/options.php, (13) src/options_highlight.php, (14)
src/options_identities.php, (15) src/options_order.php, (16)
src/search.php, and (17) src/vcard.php.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/squirrelmail/+bug/446838>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsquirrelmail< 2:1.4.13-2ubuntu1.5UNKNOWN
ubuntu8.10noarchsquirrelmail<  2:1.4.15-3ubuntu0.4UNKNOWN
ubuntu9.04noarchsquirrelmail< 2:1.4.15-4ubuntu0.3UNKNOWN
ubuntu9.10noarchsquirrelmail< 2:1.4.19-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	squirrelmail	< 2:1.4.13-2ubuntu1.5	UNKNOWN
ubuntu	8.10	noarch	squirrelmail	< 2:1.4.15-3ubuntu0.4	UNKNOWN
ubuntu	9.04	noarch	squirrelmail	< 2:1.4.15-4ubuntu0.3	UNKNOWN
ubuntu	9.10	noarch	squirrelmail	< 2:1.4.19-1ubuntu0.1	UNKNOWN