Test ID:	1.3.6.1.4.1.25623.1.0.123994
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0103)
Summary:	The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory.
Description:	Summary: The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory. Vulnerability Insight: [1.4.8-5.0.1.el5_7.13] - Remove Redhat splash screen images [1.4.8-5.13] - fix typo in CVE-20210-4555 patch [1.4.8-5.12] - patch for CVE-2010-2813 was not complete [1.4.8-5.11] - fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in Mail Fetch plugin - fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password - fix: CVE-2010-4554 : Prone to clickjacking attacks - fix: CVE-2010-4555 : Multiple XSS flaws [tag handling] - fix: CVE-2011-2752 : CRLF injection vulnerability - fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index Order page Affected Software/OS: 'squirrelmail' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1637 40291 http://www.securityfocus.com/bid/40291 40307 http://secunia.com/advisories/40307 http://www.securityfocus.com/bid/40307 ADV-2010-1535 http://www.vupen.com/english/advisories/2010/1535 ADV-2010-1536 http://www.vupen.com/english/advisories/2010/1536 ADV-2010-1554 http://www.vupen.com/english/advisories/2010/1554 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html FEDORA-2010-10244 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html FEDORA-2010-10259 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html FEDORA-2010-10264 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html MDVSA-2010:120 http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html [oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/05/25/3 http://www.openwall.com/lists/oss-security/2010/05/25/9 [oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/06/21/1 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://squirrelmail.org/security/issue/2010-06-21 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 http://support.apple.com/kb/HT5130 Common Vulnerability Exposure (CVE) ID: CVE-2010-2813 BugTraq ID: 42399 http://www.securityfocus.com/bid/42399 Debian Security Information: DSA-2091 (Google Search) http://www.debian.org/security/2010/dsa-2091 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html RedHat Security Advisories: RHSA-2012:0103 http://secunia.com/advisories/40964 http://secunia.com/advisories/40971 http://www.vupen.com/english/advisories/2010/2070 http://www.vupen.com/english/advisories/2010/2080 XForce ISS Database: squirrelmail-imap-dos(61124) https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 Common Vulnerability Exposure (CVE) ID: CVE-2010-4554 Debian Security Information: DSA-2291 (Google Search) http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 XForce ISS Database: squirrelmail-http-clickjacking(68512) https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 Common Vulnerability Exposure (CVE) ID: CVE-2010-4555 XForce ISS Database: squirrelmail-dropdown-xss(68510) https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 XForce ISS Database: squirrelmail-spellchecking-xss(68511) https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 Common Vulnerability Exposure (CVE) ID: CVE-2011-2023 http://securitytracker.com/id?1025766 Common Vulnerability Exposure (CVE) ID: CVE-2011-2752 XForce ISS Database: squirrelmail-newline-crlf-injection(68587) https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 Common Vulnerability Exposure (CVE) ID: CVE-2011-2753 XForce ISS Database: squirrelmail-authentication-csrf(68586) https://exchange.xforce.ibmcloud.com/vulnerabilities/68586
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.