Test Kennung:	1.3.6.1.4.1.25623.1.0.51591
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2001:437
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2001:437. Imp is a webmail system which uses the Horde[3] framework. Joao Pedro Goncalves reported[1] a vulnerability[2] in the Imp webmail system which could be used by a remote attacker to access a victim's email. It is possible to include a script in an URL via html tags. Since these tags are not treated appropriately in previous versions (<= 2.2.6) of Imp, such scripts can be executed by an unsuspecting user if clicked on when viewing an email. By emailing such a crafted URL to an user and having this user click on it, the attacker is able to retrieve the authentication cookies used in the webmail session, thus gaining access to the user's webmail account. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:437 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.