ID de Prueba:	1.3.6.1.4.1.25623.1.0.52996
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: squirrelmail, ja-squirrelmail
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: squirrelmail, ja-squirrelmail CVE-2004-1036 Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. CVE-2005-0075 prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. CVE-2005-0103 PHP remote code injection vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. CVE-2005-0104 Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1036 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html Bugtraq: 20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text (Google Search) http://marc.info/?l=bugtraq&m=110012133608004&w=2 Conectiva Linux advisory: CLA-2004:905 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592 XForce ISS Database: squirrelmail-mime-xss(18031) https://exchange.xforce.ibmcloud.com/vulnerabilities/18031 Common Vulnerability Exposure (CVE) ID: CVE-2005-0075 Bugtraq: 20050129 SquirrelMail Security Advisory (Google Search) http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587 http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://secunia.com/advisories/13962/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670 XForce ISS Database: squirrelmail-frame-file-include(19037) https://exchange.xforce.ibmcloud.com/vulnerabilities/19037 Common Vulnerability Exposure (CVE) ID: CVE-2005-0104 Debian Security Information: DSA-662 (Google Search) http://www.debian.org/security/2005/dsa-662 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568 http://secunia.com/advisories/14096 XForce ISS Database: squirrelmail-webmailphp-xss(19036) https://exchange.xforce.ibmcloud.com/vulnerabilities/19036
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.