ID de Prueba:	1.3.6.1.4.1.25623.1.0.56314
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: squirrelmail
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: squirrelmail CVE-2006-0377 CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka 'IMAP injection.' CVE-2006-0195 Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) '/*' and '*/' comments, or (2) a newline in a 'url' specifier, which is processed by certain web browsers including Internet Explorer. CVE-2006-0188 webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0377 BugTraq ID: 16756 http://www.securityfocus.com/bid/16756 Debian Security Information: DSA-988 (Google Search) http://www.debian.org/security/2006/dsa-988 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470 http://www.redhat.com/support/errata/RHSA-2006-0283.html http://securitytracker.com/id?1015662 http://secunia.com/advisories/18985 http://secunia.com/advisories/19130 http://secunia.com/advisories/19131 http://secunia.com/advisories/19176 http://secunia.com/advisories/19205 http://secunia.com/advisories/19960 http://secunia.com/advisories/20210 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.vupen.com/english/advisories/2006/0689 XForce ISS Database: squirrelmail-mailbox-imap-injection(24849) https://exchange.xforce.ibmcloud.com/vulnerabilities/24849 Common Vulnerability Exposure (CVE) ID: CVE-2006-0195 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548 XForce ISS Database: squirrelmail-magichtml-xss(24848) https://exchange.xforce.ibmcloud.com/vulnerabilities/24848 Common Vulnerability Exposure (CVE) ID: CVE-2006-0188 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419 XForce ISS Database: squirrelmail-webmail-xss(24847) https://exchange.xforce.ibmcloud.com/vulnerabilities/24847
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.