Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54593

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)

Resumen: The remote host is missing updates announced in;advisory GLSA 200406-08.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200406-08.

Vulnerability Insight:
Squirrelmail fails to properly sanitize user input, which could lead to a
compromise of webmail accounts.

Solution:
All SquirrelMail users should upgrade to the latest stable version:

# emerge sync

# emerge -pv '>=mail-client/squirrelmail-1.4.3'
# emerge '>=mail-client/squirrelmail-1.4.3'

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0520
BugTraq ID: 10439
http://www.securityfocus.com/bid/10439
Bugtraq: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108611554415078&w=2
Conectiva Linux advisory: CLA-2004:858
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
Debian Security Information: DSA-535 (Google Search)
http://www.debian.org/security/2004/dsa-535
http://www.securityfocus.com/advisories/6827
https://bugzilla.fedora.us/show_bug.cgi?id=1733
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://marc.info/?l=squirrelmail-cvs&m=108532891231712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766
RedHat Security Advisories: RHSA-2004:240
http://rhn.redhat.com/errata/RHSA-2004-240.html
http://secunia.com/advisories/11870
http://secunia.com/advisories/12289
SGI Security Advisory: 20040604-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54593
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200406-08.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200406-08. Vulnerability Insight: Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts. Solution: All SquirrelMail users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=mail-client/squirrelmail-1.4.3' # emerge '>=mail-client/squirrelmail-1.4.3' CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0520 BugTraq ID: 10439 http://www.securityfocus.com/bid/10439 Bugtraq: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108611554415078&w=2 Conectiva Linux advisory: CLA-2004:858 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 Debian Security Information: DSA-535 (Google Search) http://www.debian.org/security/2004/dsa-535 http://www.securityfocus.com/advisories/6827 https://bugzilla.fedora.us/show_bug.cgi?id=1733 http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt http://marc.info/?l=squirrelmail-cvs&m=108532891231712 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766 RedHat Security Advisories: RHSA-2004:240 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
Copyright	Copyright (C) 2008 E-Soft Inc.