5 - CVE-2012-2124

Executive Summary

Informations
Name	CVE-2012-2124	First vendor Publication	2013-01-18
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2124

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20344

Oval ID:	oval:org.mitre.oval:def:20344
Title:	RHSA-2013:0126: squirrelmail security and bug fix update (Low)
Description:	functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0126-00 CESA-2013:0126 CVE-2012-2124	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	squirrelmail
Definition Synopsis:
Redhat 5 section The operating system installed on the system is Red Hat Enterprise Linux 5 AND squirrelmail is earlier than 0:1.4.8-21.el5 OR Centos 5 section CentOS Linux 5.x AND squirrelmail is earlier than 0:1.4.8-21.el5.centos

Definition Id: oval:org.mitre.oval:def:23463

Oval ID:	oval:org.mitre.oval:def:23463
Title:	ELSA-2013:0126: squirrelmail security and bug fix update (Low)
Description:	functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0126-00 CVE-2012-2124	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	squirrelmail
Definition Synopsis:
Oracle Linux 5.x AND squirrelmail is earlier than 0:1.4.8-21.el5

Definition Id: oval:org.mitre.oval:def:27424

Oval ID:	oval:org.mitre.oval:def:27424
Title:	DEPRECATED: ELSA-2013-0126 -- squirrelmail security and bug fix update (low)
Description:	[1.4.8-21.0.2.el5] - remove Redhat splash screen images from source
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0126 CVE-2012-2124	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	squirrelmail
Definition Synopsis:
Oracle Linux 5.x AND squirrelmail is earlier than 0:1.4.8-21.0.2.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Squirrelmail cpe:2.3:a:squirrelmail:squirrelmail:-:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:5:::::::* cpe:2.3:o:redhat:enterprise_linux:4:::::::*	2

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0126.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0126.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Scientific Linux host is missing a security update. File : sl_20130108_squirrelmail_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0126.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=814671
MLIST	http://www.openwall.com/lists/oss-security/2012/04/20/22
REDHAT	http://rhn.redhat.com/errata/RHSA-2013-0126.html
SECUNIA	http://secunia.com/advisories/51730

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:46:28	Multiple Updates
2023-02-13 09:28:36	Multiple Updates
2019-05-10 12:04:39	Multiple Updates
2016-04-26 21:46:22	Multiple Updates
2014-02-17 11:09:55	Multiple Updates
2013-05-10 22:38:25	Multiple Updates
2013-01-19 00:20:20	Multiple Updates
2013-01-18 13:19:18	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	3
Sources(s)	4
Nessus® Exploit(s)	4

	Related
5	RHSA-2013:0126
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2012-2124

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU