Test ID:	1.3.6.1.4.1.25623.1.0.52996
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: squirrelmail, ja-squirrelmail
Summary:	FreeBSD Ports: squirrelmail, ja-squirrelmail
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: squirrelmail ja-squirrelmail CVE-2004-1036 Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. CVE-2005-0075 prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. CVE-2005-0103 PHP remote code injection vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. CVE-2005-0104 Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. Solution: Update your system with the appropriate patches or software upgrades. http://www.squirrelmail.org/security/issue/2005-01-14 http://www.squirrelmail.org/security/issue/2005-01-19 http://www.squirrelmail.org/security/issue/2005-01-20 http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662 http://www.vuxml.org/freebsd/79630c0c-8dcc-45d0-9908-4087fe1d618c.html
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1036 Bugtraq: 20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=110012133608004&w=2 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html Conectiva Linux advisory: CLA-2004:905 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9592 XForce ISS Database: squirrelmail-mime-xss(18031) http://xforce.iss.net/xforce/xfdb/18031 Common Vulnerability Exposure (CVE) ID: CVE-2005-0075 Bugtraq: 20050129 SquirrelMail Security Advisory (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662&w=2 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9587 http://secunia.com/advisories/13962/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0103 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10670 XForce ISS Database: squirrelmail-frame-file-include(19037) http://xforce.iss.net/xforce/xfdb/19037 Common Vulnerability Exposure (CVE) ID: CVE-2005-0104 Debian Security Information: DSA-662 (Google Search) http://www.debian.org/security/2005/dsa-662 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10568 http://secunia.com/advisories/14096 XForce ISS Database: squirrelmail-webmailphp-xss(19036) http://xforce.iss.net/xforce/xfdb/19036
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: