Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2006-0547: squirrelmail Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the squirrelmail packages

Detailed Explanation for this Vulnerability Test

An updated squirrelmail package that fixes a local file disclosure flaw is
now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

SquirrelMail is a standards-based webmail package written in PHP4.

A local file disclosure flaw was found in the way SquirrelMail loads
tests. In SquirrelMail 1.4.6 or earlier, if register_globals is on and
magic_quotes_gpc is off, it became possible for an unauthenticated remote
user to view the contents of arbitrary local files the web server has
read-access to. This configuration is neither default nor safe, and
configuring PHP with the register_globals set on is dangerous and not
recommended. (CVE-2006-2842)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct this issue.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.