// For flags

CVE-2010-1637

SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un nĂºmero de puerto POP3 modificado.

A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall. As this vulnerability is only exploitable post-authentication, and better more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers. The updated packages have been patched to correct this issue.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-04-29 CVE Reserved
  • 2010-06-22 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (22)
URL Tag Source
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 Broken Link
http://secunia.com/advisories/40307 Broken Link
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 Product
http://support.apple.com/kb/HT5130 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/05/25/3 Mailing List
http://www.openwall.com/lists/oss-security/2010/05/25/9 Mailing List
http://www.securityfocus.com/bid/40291 Broken Link
http://www.securityfocus.com/bid/40307 Broken Link
http://www.vupen.com/english/advisories/2010/1535 Broken Link
http://www.vupen.com/english/advisories/2010/1536 Broken Link
http://www.vupen.com/english/advisories/2010/1554 Broken Link
URL Date SRC
URL Date SRC
http://squirrelmail.org/security/issue/2010-06-21 2024-02-08
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 2024-02-08
http://www.openwall.com/lists/oss-security/2010/06/21/1 2024-02-08
URL Date SRC
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html 2024-02-08
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html 2024-02-08
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html 2024-02-08
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html 2024-02-08
http://rhn.redhat.com/errata/RHSA-2012-0103.html 2024-02-08
http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 2024-02-08
https://access.redhat.com/security/cve/CVE-2010-1637 2012-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=606459 2012-02-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 <= 1.4.20
Search vendor "Squirrelmail" for product "Squirrelmail" and version " <= 1.4.20"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 11
Search vendor "Fedoraproject" for product "Fedora" and version "11"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 12
Search vendor "Fedoraproject" for product "Fedora" and version "12"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 13
Search vendor "Fedoraproject" for product "Fedora" and version "13"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 < 10.6.8
Search vendor "Apple" for product "Mac Os X" and version " < 10.6.8"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 < 10.6.8
Search vendor "Apple" for product "Mac Os X Server" and version " < 10.6.8"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"
-
Affected