Test ID:1.3.6.1.4.1.25623.1.0.58269
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2007:106 (squirrelmail)
Summary:NOSUMMARY
Description:

The remote host is missing an update to squirrelmail
announced via advisory MDKSA-2007:106.

A number of HTML filtering bugs were found in SquirrelMail that
could allow an attacker to inject arbitrary JavaScript leading to
cross-site scripting attacks by sending an email viewed by a user
within SquirrelMail (CVE-2007-1262).

As well, SquirrelMail did not sufficiently check arguments to IMG tags
in HTML messages, which could be exploited by an attacker to send
arbitrary email messages on behalf of a SquirrelMail user tricked into
opening a maliciously-crafted HTML email message (CVE-2007-2589).

The packages provided have been updated to correct these
vulnerabilities. Corporate Server 4 has been upgraded to SquirrelMail
1.4.10a and Corporate Server 3 has been patched to protect against
these issues.

Affected: Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:106

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-1262
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 23910
http://www.securityfocus.com/bid/23910
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Debian Security Information: DSA-1290
http://www.debian.org/security/2007/dsa-1290
http://jvn.jp/en/jp/JVN09157962/index.html
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:106
http://osvdb.org/35887
http://osvdb.org/35888
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712
RedHat Security Advisories: RHSA-2007:0358
https://rhn.redhat.com/errata/RHSA-2007-0358.html
http://www.securitytracker.com/id?1018033
http://secunia.com/advisories/25200
http://secunia.com/advisories/25236
http://secunia.com/advisories/25320
http://secunia.com/advisories/25690
http://secunia.com/advisories/25787
http://secunia.com/advisories/26235
SuSE Security Announcement: SUSE-SR:2007:013
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.vupen.com/english/advisories/2007/1748
http://www.vupen.com/english/advisories/2007/2732
Common Vulnerability Exposure (CVE) ID: CVE-2007-2589
http://osvdb.org/35889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448
XForce ISS Database: squirrelmail-multiple-scripts-csrf(34219)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34219
Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.