CVE-2005-2095

Publication date 13 July 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Status

Package Ubuntu Release Status
squirrelmail 7.04 feisty
Fixed 1.4.9a-1ubuntu0.1
6.10 edgy
Fixed 1.4.8-1ubuntu0.1
6.06 LTS dapper
Fixed 1.4.6-1ubuntu0.1

References

Other references

Access our resources on patching vulnerabilities