Test ID:	1.3.6.1.4.1.25623.1.0.57705
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2006:226 (squirrelmail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to squirrelmail announced via advisory MDKSA-2006:226. Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving a shortcoming in the magicHTML filter. Updated packages are patched to address these issues. Affected: Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:226 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6142 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BugTraq ID: 21414 http://www.securityfocus.com/bid/21414 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Debian Security Information: DSA-1241 (Google Search) http://www.debian.org/security/2006/dsa-1241 http://fedoranews.org/cms/node/2438 http://fedoranews.org/cms/node/2439 http://www.mandriva.com/security/advisories?name=MDKSA-2006:226 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988 http://www.redhat.com/support/errata/RHSA-2007-0022.html http://securitytracker.com/id?1017327 http://secunia.com/advisories/23195 http://secunia.com/advisories/23322 http://secunia.com/advisories/23409 http://secunia.com/advisories/23504 http://secunia.com/advisories/23811 http://secunia.com/advisories/24004 http://secunia.com/advisories/24284 http://secunia.com/advisories/26235 SGI Security Advisory: 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SuSE Security Announcement: SUSE-SR:2006:029 (Google Search) http://www.novell.com/linux/security/advisories/2006_29_sr.html SuSE Security Announcement: SUSE-SR:2007:004 (Google Search) http://www.novell.com/linux/security/advisories/2007_4_sr.html http://www.vupen.com/english/advisories/2006/4828 http://www.vupen.com/english/advisories/2007/2732 XForce ISS Database: squirrelmail-magichtml-messages-xss(30694) https://exchange.xforce.ibmcloud.com/vulnerabilities/30694 XForce ISS Database: squirrelmail-mimeheader-xss(30695) https://exchange.xforce.ibmcloud.com/vulnerabilities/30695 XForce ISS Database: squirrelmail-webmail-compose-xss(30693) https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.