|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200406-08] Squirrelmail: Another XSS vulnerability Vulnerability Scan
Vulnerability Scan Summary Squirrelmail: Another XSS vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200406-08
(Squirrelmail: Another XSS vulnerability)
A new cross-site scripting (XSS) vulnerability in Squirrelmail-1.4.3_rc1
has been discovered. In functions/mime.php Squirrelmail fails to properly
sanitize user input.
Impact
By enticing a user to read a specially crafted e-mail, a possible hacker can
execute arbitrary scripts running in the context of the victim's browser.
This could lead to a compromise of the user's webmail account, cookie
theft, etc.
Workaround
There is no known workaround at this time.
References:
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://www.cert.org/advisories/CA-2000-02.html
Solution:
All SquirrelMail users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=mail-client/squirrelmail-1.4.3"
# emerge ">=mail-client/squirrelmail-1.4.3"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|