CVE-2007-6348
Vulnerability from cvelistv5
Published
2007-12-14 19:00
Modified
2024-08-07 16:02
Severity: 6.8 (Medium), CVSS v2 vector AV:N/AC:M/Au:N/C:P/I:P/A:P, as scored by NVD in the record data below
Summary
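SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. As described, the flaw was introduced by tampering with the distributed release archives, so this is a distribution (supply-chain) compromise; NVD classifies it as CWE-94 (code injection). Installations built from archives downloaded from that location before that date should be treated as suspect and compared against a known-good release. The references below include the SquirrelMail 1.4.13 release announcement, and the Red Hat vendor comment in the NVD data states that the squirrelmail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected.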
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:36.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2" }, { "name": "20071213 SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded" }, { "name": "20071214 ANNOUNCE: SquirrelMail 1.4.13 Released", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2" }, { "name": "28095", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28095" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/index.php" }, { "name": "[squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2" }, { "name": "42633", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42633" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2" }, { "name": "20071213 SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded" }, { "name": "20071214 ANNOUNCE: SquirrelMail 1.4.13 Released", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2" }, { "name": "28095", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28095" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/index.php" }, { "name": "[squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2" }, { "name": "42633", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42633" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-6348", "datePublished": "2007-12-14T19:00:00", "dateReserved": "2007-12-14T00:00:00", "dateUpdated": "2024-08-07T16:02:36.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": 
"{\"cve\":{\"id\":\"CVE-2007-6348\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2007-12-14T19:46:00.000\",\"lastModified\":\"2024-11-21T00:39:55.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"SquirrelMail versiones 1.4.11 y 1.4.12, distribuidas en sourceforge.net versiones anteriores a 20071213, se han modificado externamente para crear un Caballo de Troya que introduce una vulnerabilidad de inclusi\u00f3n remota de archivos PHP, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC24558-B7C1-4DE7-BC24-AF092DF0DE97\"}]}]}],\"references\"
:[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/42633\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28095\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/485037/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.squirrelmail.org/index.php\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/42633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/485037/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.squirrelmail.org/index.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"The versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages.\\n\",\"lastModified\":\"2007-12-17T00:00:00\"}]}}" } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.