ID de Prueba:	1.3.6.1.4.1.25623.1.0.54479
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:595
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:595. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. A user's SquirrelMail preferences could be read or modified if the user is tricked into visiting a malicious URL. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. (CVE-2005-1769) All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-595.html Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2095 14254 http://www.securityfocus.com/bid/14254 20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability http://www.securityfocus.com/archive/1/405202 20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095 http://www.securityfocus.com/archive/1/405200 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-756 http://www.debian.org/security/2005/dsa-756 FLSA:163047 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 RHSA-2005:595 http://www.redhat.com/support/errata/RHSA-2005-595.html SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.gulftech.org/?node=research&article_id=00090-07142005 http://www.squirrelmail.org/security/issue/2005-07-13 oval:org.mitre.oval:def:10500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 squirrelmail-set-post-variable(21359) https://exchange.xforce.ibmcloud.com/vulnerabilities/21359 Common Vulnerability Exposure (CVE) ID: CVE-2005-1769 20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] http://marc.info/?l=bugtraq&m=111893827711390&w=2 MDKSA-2005:108 http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 http://www.squirrelmail.org/security/issue/2005-06-15 oval:org.mitre.oval:def:9852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.