Family: Debian Local Security Checks --> Category: infos
[DSA1154] DSA-1154-1 squirrelmail Vulnerability Scan
Vulnerability Scan Summary DSA-1154-1 squirrelmail
Detailed Explanation for this Vulnerability Test
James Bercegay of GulfTech Security Research discovered a vulnerability
in SquirrelMail where an authenticated user could overwrite random
variables in the compose script. This might be exploited to read or
write the preferences or attachment files of other users.
For the stable distribution (sarge) this problem has been fixed in
version 1.4.4-9.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.8-1.
We recommend that you upgrade your squirrelmail package.
Solution : http://www.debian.org/security/2006/dsa-1154
Threat Level: High