|
|
Family: Debian Local Security Checks --> Category: infos
[DSA820] DSA-820-1 courier Vulnerability Scan
Vulnerability Scan Summary
DSA-820-1 courier
Detailed Explanation for this Vulnerability Test
Jakob Balle discovered that with "Conditional Comments" in Internet
Explorer it is possible to hide javascript code in comments that will
be executed when the browser views a malicious email via sqwebmail.
Successful exploitation requires that the user is using Internet
Explorer.
For the old stable distribution (woody) this problem has been fixed in
version 0.37.3-2.7.
For the stable distribution (sarge) this problem has been fixed in
version 0.47-4sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 0.47-9.
We recommend that you upgrade your sqwebmail package.
Solution : http://www.debian.org/security/2005/dsa-820
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
