Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2007-0022: squirrelmail Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the squirrelmail packages

Detailed Explanation for this Vulnerability Test

A new squirrelmail package that fixes security issues is now available for
Red Hat Enterprise Linux 3 and 4.

SquirrelMail is a standards-based webmail package written in PHP.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary JavaScript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL. (CVE-2006-6142)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

- After installing this update, users are advised to restart their
httpd service to ensure that the updated version functions correctly.
- config.php should NOT be modified; please modify config_local.php instead.
- Known Bug: The configuration generator may potentially produce bad
options that interfere with the operation of this application. Applying
specific config changes to config_local.php manually is recommended.

Solution :
Threat Level: High



P.O. Box 827051

Pembroke Pines, FL 33082-7051
