Test Kennung:	1.3.6.1.4.1.25623.1.0.56602
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2006:049 (squirrelmail)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to squirrelmail announced via advisory MDKSA-2006:049. Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. (CVE-2006-0188) Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) /* and */ comments, or (2) a newline in a url specifier, which is processed by certain web browsers including Internet Explorer. (CVE-2006-0195) CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka IMAP injection. (CVE-2006-0377) Updated packages are patched to address these issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:049 Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0188 BugTraq ID: 16756 http://www.securityfocus.com/bid/16756 Debian Security Information: DSA-988 (Google Search) http://www.debian.org/security/2006/dsa-988 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419 http://www.redhat.com/support/errata/RHSA-2006-0283.html http://securitytracker.com/id?1015662 http://secunia.com/advisories/18985 http://secunia.com/advisories/19130 http://secunia.com/advisories/19131 http://secunia.com/advisories/19176 http://secunia.com/advisories/19205 http://secunia.com/advisories/19960 http://secunia.com/advisories/20210 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.vupen.com/english/advisories/2006/0689 XForce ISS Database: squirrelmail-webmail-xss(24847) https://exchange.xforce.ibmcloud.com/vulnerabilities/24847 Common Vulnerability Exposure (CVE) ID: CVE-2006-0195 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548 XForce ISS Database: squirrelmail-magichtml-xss(24848) https://exchange.xforce.ibmcloud.com/vulnerabilities/24848 Common Vulnerability Exposure (CVE) ID: CVE-2006-0377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470 XForce ISS Database: squirrelmail-mailbox-imap-injection(24849) https://exchange.xforce.ibmcloud.com/vulnerabilities/24849
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.