Launchpad CVE tracker

CVE 2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Related bugs and status

CVE-2006-0377 (Candidate) is related to these bugs:

Bug #115149: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

		In	Importance	Status
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Dapper Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Edgy Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Feisty Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squirrelmai...
BID: 16756
SECTRACK: 1015662
SECUNIA: 18985
DEBIAN: DSA-988
FEDORA: FEDORA-2006-133
SUSE: SUSE-SR:2006:005
SECUNIA: 19131
SECUNIA: 19130
SECUNIA: 19176
GENTOO: GLSA-200603-09
SECUNIA: 19205
REDHAT: RHSA-2006:0283
SECUNIA: 19960
SGI: 20060501-01-U
SECUNIA: 20210
MANDRIVA: MDKSA-2006:049
VUPEN: ADV-2006-0689
XF: squirrelmail-mailbox-i...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2006-0377

Related bugs and status

Related bugs

References