814671 – (CVE-2012-2124) CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

Bug 814671 (CVE-2012-2124) - CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

Summary: CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-2124
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	808598
Blocks:	808606 816611
TreeView+	depends on / blocked

Reported:	2012-04-20 11:32 UTC by Tomas Hoger
Modified:	2019-09-29 12:52 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-01-08 08:02:11 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0126	0	normal	SHIPPED_LIVE	Low: squirrelmail security and bug fix update	2013-01-08 09:21:41 UTC

Description Tomas Hoger 2012-04-20 11:32:27 UTC

A Red Hat Security Advisory RHSA-2012:0103 for squirrelmail packages shipped in Red Hat Enterprise Linux 4 and 5 claim to have fixed CVE-2010-2813 issue ("CVE-2010-2813 SquirrelMail: DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password", bug #618096).  However, the patch for this issue was not applied correctly and hence the issue was not fixed as stated in the advisory.

Comment 1 Stefan Cornelius 2012-04-20 14:30:44 UTC

CVE assignment notification:
http://www.openwall.com/lists/oss-security/2012/04/20/22

Comment 2 errata-xmlrpc 2013-01-08 04:59:56 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0126 https://rhn.redhat.com/errata/RHSA-2013-0126.html

Note You need to log in before you can comment on or make changes to this bug.