Launchpad CVE tracker

CVE 2006-3665

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

Related bugs and status

CVE-2006-3665 (Candidate) is related to these bugs:

Bug #328938: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL

		In	Importance	Status
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Hardy)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Gutsy)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Dapper)	Undecided	Fix Released

Bug #348839: [dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174

Summary				In	Importance	Status
	348839	[dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174		squirrelmail (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-3665

References