=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN225
_____________________________________________________________________

DATE                      : 22/06/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Mail Fetch plugin for SquirrelMail.

======================================================================
http://www.squirrelmail.org/security/issue/2010-06-21
______________________________________________________________________

Security
Mail Fetch plugin as network scanner

Date:     2010-06-21
Description:
    A vulnerability was reported in the SquirrelMail Mail Fetch plugin,
wherein (when the plugin is activated by the administrator) a user is
allowed to specify (without restriction) any port number for their
external POP account settings. While the intention is to allow users
to access POP3 servers using non-standard ports, this also allows
malicious users to effectively port-scan any server through their
SquirrelMail service (especially note that when a SquirrelMail
server resides on a network behind a firewall, it may allow the
user to explore the network topography (DNS scan) and services
available (port scan) on the inside of (behind) that firewall).
As this vulnerability is only exploitable post-authentication,
and better more specific port scanning tools are freely available,
we consider this vulnerability to be of very low severity. It
has been fixed by restricting the allowable POP port numbers (with
an administrator configuration override available).

Affected Versions:
    <= 1.4.20
Register Globals:
    Register_globals does not have to be on for this issue.
CVE id('s):
    CVE-2010-1637
Patch:
    view patch
Credits:
    TEHTRI-Security
This page last updated:
    2010-06-21 09:38:40

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================