|
|
Family: Debian Local Security Checks --> Category: infos
[DSA756] DSA-756-1 squirrelmail Vulnerability Scan
Vulnerability Scan Summary
DSA-756-1 squirrelmail
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system. The Common Vulnerabilities and
Exposures project identifies the following problems:
Martijn Brinkers discovered cross-site scripting vulnerabilities
that allow remote attackers to inject arbitrary web script or HTML
in the URL and e-mail messages.
James Bercegay of GulfTech Security discovered a vulnerability in
the variable handling which could lead to attackers altering other
people's preferences and possibly reading them, writing files at
any location writable for www-data and cross site scripting.
For the old stable distribution (woody) these problems have been fixed in
version 1.2.6-4.
For the stable distribution (sarge) these problems have been fixed in
version 1.4.4-6sarge1.
For the unstable distribution (sid) these problems have been fixed in
version 1.4.4-6sarge1.
We recommend that you upgrade your squirrelmail package.
Solution : http://www.debian.org/security/2005/dsa-756
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
