Buffer overflow in the chpasswd command in the Change_passwd plugin prior to 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.