Candidate: CVE-2010-2813
PublicDate: 2010-08-19 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2813
Description:
 functions/imap_general.php in SquirrelMail before 1.4.21 does not properly
 handle 8-bit characters in passwords, which allows remote attackers to cause
 a denial of service (disk consumption) by making many IMAP login attempts
 with different usernames, leading to the creation of many preferences files.
Ubuntu-Description:
Notes:
 tyhicks> Note that Red Hat Security Advisory RHSA-2012:010 was incomplete
  (see CVE-2012-2124)
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=618096
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_squirrelmail:
 upstream: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972
upstream_squirrelmail: released (1.4.21)
dapper_squirrelmail: ignored (reached end-of-life)
hardy_squirrelmail: ignored (reached end-of-life)
jaunty_squirrelmail: ignored (reached end-of-life)
karmic_squirrelmail: ignored (reached end-of-life)
lucid_squirrelmail: ignored (reached end-of-life)
maverick_squirrelmail: not-affected (2:1.4.21-1)
natty_squirrelmail: not-affected (2:1.4.21-1)
oneiric_squirrelmail: not-affected (2:1.4.21-1)
precise_squirrelmail: not-affected (2:1.4.21-1)
quantal_squirrelmail: not-affected (2:1.4.21-1)
raring_squirrelmail: not-affected (2:1.4.21-1)
saucy_squirrelmail: not-affected (2:1.4.21-1)
devel_squirrelmail: not-affected (2:1.4.21-1)