Red Hat Bugzilla – Bug 194283
CVE-2006-2842 Squirrelmail file inclusion
Last modified: 2007-11-30 17:07:25 EST
Squirrelmail file inclusion
A PHP file inclusion error was found in squirrelmail. If if
register_globals is enabled and magic_quotes_gpc is disabled,
it becomes possible for an unauthenticated remote attacker to view
arbitrary file contents.
This confuration is not default nor safe.
This issue also affects RHEL3
There is an upstream patch here:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.