Family: Debian Local Security Checks --> Category: infos
[DSA1241] DSA-1241-1 squirrelmail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Martijn Brinkers discovered cross-site scripting vulnerabilities in
the mailto parameter of webmail.php, the session and delete_draft
parameters of compose.php and through a shortcoming in the magicHTML
the user's webmail session.
A workaround was also added for Internet Explorer <= 5, which guesses
the MIME type of an attachment from its content rather than from the MIME
header sent. An attachment could pose as a 'harmless' JPEG while in fact
being HTML that Internet Explorer would render.
For the stable distribution (sarge) these problems have been fixed in
For the upcoming stable distribution (etch) these problems have been fixed
in version 2:1.4.9a-1.
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your squirrelmail package.
Solution: http://www.debian.org/security/2006/dsa-1241
Threat Level: High