Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability Scan


Vulnerability Scan Summary
Checks for remote command execution vulnerability in SquirrelMail S/MIME Plugin

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is prone to arbitrary
command execution attacks.

Description :

The S/MIME plugin for SquirrelMail installed on the remote host does
not sanitize the 'cert' parameter used by the 'viewcert.php' script.
An authenticated user can exploit this flaw to execute system commands
remotely in the context of the web server.

See also :

http://www.idefense.com/application/poi/display?id=191&type=vulnerabilities
http://www.squirrelmail.org/test_view.php?id=54

Solution :

Upgrade to version 0.6 or later of the plugin.

Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
