Test ID:	1.3.6.1.4.1.25623.1.0.54479
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:595
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:595. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. A user's SquirrelMail preferences could be read or modified if the user is tricked into visiting a malicious URL. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. (CVE-2005-1769) All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-595.html Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2095 14254 http://www.securityfocus.com/bid/14254 20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability http://www.securityfocus.com/archive/1/405202 20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095 http://www.securityfocus.com/archive/1/405200 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-756 http://www.debian.org/security/2005/dsa-756 FLSA:163047 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 RHSA-2005:595 http://www.redhat.com/support/errata/RHSA-2005-595.html SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.gulftech.org/?node=research&article_id=00090-07142005 http://www.squirrelmail.org/security/issue/2005-07-13 oval:org.mitre.oval:def:10500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 squirrelmail-set-post-variable(21359) https://exchange.xforce.ibmcloud.com/vulnerabilities/21359 Common Vulnerability Exposure (CVE) ID: CVE-2005-1769 20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] http://marc.info/?l=bugtraq&m=111893827711390&w=2 MDKSA-2005:108 http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 http://www.squirrelmail.org/security/issue/2005-06-15 oval:org.mitre.oval:def:9852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.