Red Hat Bugzilla – Bug 182584
CVE-2006-0377 IMAP injection in sqimap_mailbox_select mailbox parameter
Last modified: 2007-11-30 17:07:23 EST
IMAP injection in sqimap_mailbox_select mailbox parameter
(Text taken from the above URL)
By adding newlines to the mailbox parameter of sqimap_mailbox_select,
a logged in user can add additional IMAP commands after the command
issued by SquirrelMail. The real-world impact of this is unknown.
This issue should also affect RHEL3
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.