oss-sec mailing list archives
Re: Strange CVE situation (at least one ID should come of this)
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 5 Dec 2012 21:28:47 -0700
* [2012-12-05 20:50:57 -0500] Josh Bressers wrote:
>On 10/26/2012 01:54 PM, Josh Bressers wrote: >> Hello, >> >> This Squirrelmail plugin came to my attention a few weeks back: >> http://squirrelmail.org/plugin_view.php?id=117 >> >> It's from 2004, which is suspect in itself, but I took a look >> after >> someone asked. It's pretty scary in there. >> >> If I was to list the security problems I found after a few minutes >> of looking, they are: >> >> * It uses MD5 passwords > >Going with this one since there's a good number of MD5 related CVE's >already. > >Please use CVE-2012-5623 for this issue. Shouldn't this be a 2004 CVE, since it was fixed in 2004?No, it's not fixed at all. The module would need a rather invasive rewrite to "fix" this. I really just wanted a CVE ID as a warning of "don't use this". 2004 is the last time it was updated :) Thanks.
Aha! Sorry, I'm dense. Thanks for the clarification. =) --Vincent Danen / Red Hat Security Response Team
Current thread:
- Re: Strange CVE situation (at least one ID should come of this), (continued)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)