SquirrelMail is vulnerable to a denial-of-service attack. For login attempts with passwords containing 8-bit characters, the library creates a user preference file even if the user name is invalid. Using this flaw, an attacker can exhaust memory on the server by making many invalid IMAP login attempts with different user names, leading to denial of service. The vulnerability is the result of an incorrect fix for CVE-2010-2813.
rhn.redhat.com/errata/RHSA-2013-0126.html
secunia.com/advisories/51730
www.openwall.com/lists/oss-security/2012/04/20/22
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=241861
bugzilla.redhat.com/show_bug.cgi?id=450780
bugzilla.redhat.com/show_bug.cgi?id=475188
bugzilla.redhat.com/show_bug.cgi?id=508686
bugzilla.redhat.com/show_bug.cgi?id=528758
bugzilla.redhat.com/show_bug.cgi?id=669663
bugzilla.redhat.com/show_bug.cgi?id=745380
bugzilla.redhat.com/show_bug.cgi?id=745469
bugzilla.redhat.com/show_bug.cgi?id=789353
bugzilla.redhat.com/show_bug.cgi?id=814671
rhn.redhat.com/errata/RHSA-2012-0103.html
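
An audit for the symptom described above, preference files left behind for user names that do not exist. This is an added example, not code from SquirrelMail or from the advisory. It assumes file-backed preferences stored as `<user>.pref` under a data directory and a list of valid accounts supplied by the administrator; the function names and sample users are hypothetical.

```python
import os
import tempfile

# Assumption: file-backed preferences are stored as <user>.pref in the data directory.
PREF_SUFFIX = ".pref"


def find_orphan_prefs(data_dir, valid_users):
    """Return sorted (user, path, size) tuples for .pref files with no matching account."""
    valid = set(valid_users)
    orphans = []
    # os.walk also covers installations that spread files over sub-directories.
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            if not name.endswith(PREF_SUFFIX):
                continue
            user = name[: -len(PREF_SUFFIX)]
            if user not in valid:
                path = os.path.join(root, name)
                orphans.append((user, path, os.path.getsize(path)))
    return sorted(orphans)


def summarize(orphans):
    """Count orphaned preference files and the space they occupy."""
    return {"count": len(orphans), "bytes": sum(size for _u, _p, size in orphans)}


if __name__ == "__main__":
    # Constructed sample data: two real accounts and two names that only
    # exist because a failed login left a preference file behind.
    with tempfile.TemporaryDirectory() as data_dir:
        for user in ("alice", "bob", "nouser1", "nouser2"):
            with open(os.path.join(data_dir, user + PREF_SUFFIX), "wb") as fh:
                fh.write(b"x=1\n")
        found = find_orphan_prefs(data_dir, ["alice", "bob"])
        print(summarize(found), [user for user, _p, _s in found])
```

A steadily growing orphan count between runs indicates that failed logins are still creating preference files, that is, that the host is unpatched.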