CVE-2009-2964

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.19 and earlier NaSMail versions prior to 1.7

Description: The issue allows remote attackers to hijack the authentication of victims via features such as sending messages and changing preferences. This is related to multiple files including functions/mailbox display.php, src/addrbook search html.php, src/addressbook.php, src/compose.php, src/folders.php, src/folders create.php, src/folders delete.php, src/folders rename do.php, src/folders rename getname.php, src/folders subscribe.php, src/move messages.php, src/options.php, src/options highlight.php, src/options identities.php, src/options order.php, src/search.php, and src/vcard.php.

Recommendations: For SquirrelMail versions 1.4.19 and earlier, consider disabling the affected features until a patch is available. For NaSMail versions prior to 1.7, restrict access to the vulnerable files to minimize the risk of exploitation. As a temporary workaround, avoid using the affected functions and files in SquirrelMail and NaSMail until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.