FreeBSD Local Security Checks : FreeBSD Ports: squirrelmail, ja-squirrelmail

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55356

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: squirrelmail, ja-squirrelmail

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

squirrelmail
ja-squirrelmail

CVE-2005-2095
SquirrelMail 1.4.4 and earlier does not properly handle the $_POST
variable, which allows remote attackers to modify or read the
preferences of other users.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2095
14254
http://www.securityfocus.com/bid/14254
20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability
http://www.securityfocus.com/archive/1/405202
20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095
http://www.securityfocus.com/archive/1/405200
APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
DSA-756
http://www.debian.org/security/2005/dsa-756
FLSA:163047
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
RHSA-2005:595
http://www.redhat.com/support/errata/RHSA-2005-595.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.gulftech.org/?node=research&article_id=00090-07142005
http://www.squirrelmail.org/security/issue/2005-07-13
oval:org.mitre.oval:def:10500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500
squirrelmail-set-post-variable(21359)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21359

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55356
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: squirrelmail, ja-squirrelmail
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: squirrelmail ja-squirrelmail CVE-2005-2095 SquirrelMail 1.4.4 and earlier does not properly handle the $_POST variable, which allows remote attackers to modify or read the preferences of other users. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2095 14254 http://www.securityfocus.com/bid/14254 20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability http://www.securityfocus.com/archive/1/405202 20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095 http://www.securityfocus.com/archive/1/405200 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-756 http://www.debian.org/security/2005/dsa-756 FLSA:163047 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 RHSA-2005:595 http://www.redhat.com/support/errata/RHSA-2005-595.html SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.gulftech.org/?node=research&article_id=00090-07142005 http://www.squirrelmail.org/security/issue/2005-07-13 oval:org.mitre.oval:def:10500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 squirrelmail-set-post-variable(21359) https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
Copyright	Copyright (C) 2008 E-Soft Inc.