Vigil@nce: SquirrelMail, port scan via Mail Fetch
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker authenticated on SquirrelMail can use the Mail Fetch
plugin to scan the ports of computers reachable from the server.
– Severity: 1/4
– Creation date: 22/06/2010
DESCRIPTION OF THE VULNERABILITY
The Mail Fetch plugin of SquirrelMail lets a user add a remote
mailbox as a mail source. The user can define the computer and the
port of the remote POP3 service.
However, an attacker can also use this feature to scan TCP ports
of computers reachable from the SquirrelMail server.
An attacker authenticated on SquirrelMail can therefore use the
Mail Fetch plugin to scan the ports of computers reachable from
the server.
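One way to constrain a user-supplied POP3 host and port before the
server connects, as an added example (Python for illustration; not
SquirrelMail's or Vigil@nce's code). The port allowlist of 110 and
995, the function names and the fixed error text are assumptions.

```python
import ipaddress
import socket

# Assumption: only the standard POP3 and POP3S ports are legitimate.
ALLOWED_PORTS = {110, 995}


class DestinationRejected(Exception):
    """Always carries the same message, whatever the reason for refusal."""

    def __init__(self):
        super().__init__("remote mailbox unavailable")


def is_public_address(ip_text):
    """True only for globally routable addresses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    # An IPv4-mapped IPv6 address is judged as the IPv4 address it embeds.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def check_fetch_destination(host, port, resolver=socket.getaddrinfo):
    """Return the (ip, port) pairs the fetcher may connect to, or raise.

    The caller should connect to a returned IP address instead of
    resolving the hostname again, so the checked address is the one used.
    """
    if not isinstance(port, int) or port not in ALLOWED_PORTS:
        raise DestinationRejected()
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except (OSError, UnicodeError):
        raise DestinationRejected() from None
    # Judge the resolved addresses, not the hostname string.
    addresses = sorted({info[4][0] for info in infos})
    # One internal address among the answers is enough to refuse.
    if not addresses or not all(is_public_address(a) for a in addresses):
        raise DestinationRejected()
    return [(a, port) for a in addresses]
```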
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SquirrelMail-port-scan-via-Mail-Fetch-9722