FreeBSD Local Security Checks : FreeBSD Ports: squirrelmail

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62859

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: squirrelmail

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: squirrelmail

CVE-2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17
allows remote attackers to inject arbitrary web script or HTML via a
crafted hyperlink in an HTML part of an e-mail message.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2379
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 32603
http://www.securityfocus.com/bid/32603
Debian Security Information: DSA-1682 (Google Search)
http://www.debian.org/security/2008/dsa-1682
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html
http://security-net.biz/wsw/index.php?p=254&n=190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764
http://secunia.com/advisories/32143
http://secunia.com/advisories/33054
http://secunia.com/advisories/33071
http://secunia.com/advisories/33937
SuSE Security Announcement: SUSE-SR:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://www.vupen.com/english/advisories/2008/3332
XForce ISS Database: squirrelmail-html-xss(47024)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47024

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62859
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: squirrelmail
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: squirrelmail CVE-2008-2379 Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2379 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 32603 http://www.securityfocus.com/bid/32603 Debian Security Information: DSA-1682 (Google Search) http://www.debian.org/security/2008/dsa-1682 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://security-net.biz/wsw/index.php?p=254&n=190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/32143 http://secunia.com/advisories/33054 http://secunia.com/advisories/33071 http://secunia.com/advisories/33937 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.vupen.com/english/advisories/2008/3332 XForce ISS Database: squirrelmail-html-xss(47024) https://exchange.xforce.ibmcloud.com/vulnerabilities/47024
Copyright	Copyright (C) 2008 E-Soft Inc.