Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54825

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)

Resumen: The remote host is missing updates announced in;advisory GLSA 200501-39.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200501-39.

Vulnerability Insight:
SquirrelMail fails to properly sanitize user input, which could lead to
arbitrary code execution and compromise webmail accounts.

Solution:
All SquirrelMail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.4'

Note: Users with the vhosts USE flag set should manually use webapp-config
to finalize the update.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0075
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Bugtraq: 20050129 SquirrelMail Security Advisory (Google Search)
http://marc.info/?l=bugtraq&m=110702772714662&w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587
http://www.redhat.com/support/errata/RHSA-2005-099.html
http://www.redhat.com/support/errata/RHSA-2005-135.html
http://secunia.com/advisories/13962/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670
XForce ISS Database: squirrelmail-frame-file-include(19037)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19037
Common Vulnerability Exposure (CVE) ID: CVE-2005-0104
Debian Security Information: DSA-662 (Google Search)
http://www.debian.org/security/2005/dsa-662
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568
http://secunia.com/advisories/14096
XForce ISS Database: squirrelmail-webmailphp-xss(19036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19036

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54825
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200501-39.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200501-39. Vulnerability Insight: SquirrelMail fails to properly sanitize user input, which could lead to arbitrary code execution and compromise webmail accounts. Solution: All SquirrelMail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.4' Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0075 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html Bugtraq: 20050129 SquirrelMail Security Advisory (Google Search) http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587 http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://secunia.com/advisories/13962/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670 XForce ISS Database: squirrelmail-frame-file-include(19037) https://exchange.xforce.ibmcloud.com/vulnerabilities/19037 Common Vulnerability Exposure (CVE) ID: CVE-2005-0104 Debian Security Information: DSA-662 (Google Search) http://www.debian.org/security/2005/dsa-662 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568 http://secunia.com/advisories/14096 XForce ISS Database: squirrelmail-webmailphp-xss(19036) https://exchange.xforce.ibmcloud.com/vulnerabilities/19036
Copyright	Copyright (C) 2008 E-Soft Inc.