Family: Debian Local Security Checks --> Category: infos
[DSA220] DSA-220-1 squirrelmail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A cross-site scripting vulnerability has been discovered in
squirrelmail, a feature-rich webmail package written in PHP4.
Squirrelmail doesn't sanitize user-provided variables in all places,
leaving it vulnerable to a cross-site scripting attack.
For the current stable distribution (woody) this problem has been
fixed in version 1.2.6-1.3. The old stable distribution (potato) is
not affected since it doesn't contain a squirrelmail package.
An updated package for the unstable distribution (sid) is
We recommend that you upgrade your squirrelmail package.
Solution : http://www.debian.org/security/2003/dsa-220
Threat Level: High