 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.63445 |
| Kategorie: | Mandrake Local Security Checks |
| Titel: | Mandrake Security Advisory MDVSA-2009:053 (squirrelmail) |
| Zusammenfassung: | The remote host is missing an update to squirrelmail;announced via advisory MDVSA-2009:053. |
| Beschreibung: | Summary: The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:053. Vulnerability Insight: A vulnerability has been identified and corrected in squirrelmail: Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie (CVE-2008-3663). Additionally many of the bundled plugins has been upgraded. The localization has also been upgraded. Basically this is a synchronization with the latest squirrelmail package found in Mandriva Cooker. The rpm changelog will reveal all the changes (rpm -q --changelog squirrelmail). The updated packages have been upgraded to the latest version of squirrelmail to prevent this. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-3663 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 31321 http://www.securityfocus.com/bid/31321 Bugtraq: 20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 (Google Search) http://www.securityfocus.com/archive/1/496601/100/0/threaded http://int21.de/cve/CVE-2008-3663-squirrelmail.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548 http://secunia.com/advisories/33937 http://securityreason.com/securityalert/4304 SuSE Security Announcement: SUSE-SR:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html XForce ISS Database: squirrelmail-cookie-session-hijacking(45700) https://exchange.xforce.ibmcloud.com/vulnerabilities/45700 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |