[VIM] SquirrelMail issue is dynamic variable evaluation
Steven M. Christey
coley at mitre.org
Fri Aug 11 16:46:41 EDT 2006
FYI. The MISC reference below is for the patch, which removes the
following code:
- foreach ($session_expired_post as $postvar => $val) {
- if (isset($val)) {
- $$postvar = $val;
- } else {
- $$postvar = '';
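Review bot: the removed loop writes every key of $session_expired_post straight into the symbol table through "$$postvar", so any name present in the expired POST data, not only compose form fields, becomes a program variable; the "isset($val)" test only guards against null values and does nothing to constrain which variable is written. Deleting the loop is the right fix; if restoring expired form input is ever reinstated, copy only a fixed list of known field names into a dedicated array rather than reintroducing variable variables.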
So, the $$postvar is obviously dynamic variable evaluation.
SquirrelMail and FrSIRT refer to this as "variable overwrite," and
maybe that's a better term than what I use :)
- Steve
======================================================
Name: CVE-2006-4019
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2006-08-11
Reference: MISC:http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
Reference: FRSIRT:ADV-2006-3271
Reference: URL:http://www.frsirt.com/english/advisories/2006/3271
Reference: SECUNIA:21354
Reference: URL:http://secunia.com/advisories/21354
Dynamic variable evaluation vulnerability in compose.php in
SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite
arbitrary program variables and read or write the attachments and
preferences of other users.
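As an added illustration (not SquirrelMail's code and not the patch), the $$postvar loop from the quoted hunk wrapped in a function, beside a hardened variant that restores only allowlisted field names into an array; the $attachment_dir variable, the form field list and the POST data are constructed for the example, and the real patch simply removes the loop rather than replacing it.

```php
<?php
// Added illustration, not SquirrelMail's code or the patch text: the $$postvar
// loop from the quoted hunk wrapped in a function, beside a hardened version.

// Constructed stand-in for POST data restored after a session expired.
// 'attachment_dir' is not a compose form field; it is included to show how a
// key chosen by the sender ends up in the symbol table.
$session_expired_post = [
    'subject'        => 'Hello',
    'body'           => 'Meeting notes attached',
    'attachment_dir' => '/tmp/other_user_attachments',
];

// Vulnerable pattern: each array key names the variable that receives its value,
// so a key matching a program variable (here $attachment_dir) overwrites it.
function restore_vulnerable(array $post): string
{
    $attachment_dir = '/var/local/squirrelmail/attach'; // constructed "program variable"
    foreach ($post as $postvar => $val) {
        if (isset($val)) {
            $$postvar = $val;   // writes to whatever variable $postvar names
        } else {
            $$postvar = '';
        }
    }
    return $attachment_dir;     // now controlled by the POST data
}

// Hardened pattern: only a fixed list of field names is restored, and the values
// go into a dedicated array instead of named variables.
const COMPOSE_FIELDS = ['subject', 'body', 'send_to', 'send_to_cc', 'send_to_bcc'];

function restore_hardened(array $post): array
{
    $form = [];
    foreach (COMPOSE_FIELDS as $field) {
        $form[$field] = isset($post[$field]) ? $post[$field] : '';
    }
    return $form;               // 'attachment_dir' never leaves the input array
}

$restored = restore_hardened($session_expired_post);
echo "vulnerable attachment_dir: " . restore_vulnerable($session_expired_post) . "\n";
echo "hardened fields restored:  " . implode(', ', array_keys($restored)) . "\n";
echo "hardened has attachment_dir: "
    . var_export(array_key_exists('attachment_dir', $restored), true) . "\n";
```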