CVE-2012-2124

{"id": "CVE-2012-2124", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-18T11:48:39.840", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-0126.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51730", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/04/20/22", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814671", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0126.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51730", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/04/20/22", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814671", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files.  NOTE: this issue exists because of an incorrect fix for CVE-2010-2813."}, {"lang": "es", "value": "functions/imap_general.php en SquirrelMail, tal y como se usa ??en Red Hat Enterprise Linux (RHEL) v4 y v5 no trata correctamente los caracteres de 8 bits en las contrase\u00f1as, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por excesivo consumo de disco) haciendo muchos intentos de acceso IMAP con diferentes nombres de usuario, lo que lleva a la creaci\u00f3n de muchos archivos de preferencias. NOTA: este problema existe debido a una reparaci\u00f3n incorrecta al CVE-2010-2813."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F4C8AC6-80BA-456F-997B-FC38A8E2F060"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2C244C-82F6-49BC-B7F7-54AB989C43E8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}