Test ID: 1.3.6.1.4.1.25623.1.0.55145
Category: Fedora Local Security Checks
Title: Fedora Core 3 FEDORA-2005-779 (squirrelmail)
Summary: NOSUMMARY
Description:

The remote host is missing an update to squirrelmail
announced via advisory FEDORA-2005-779.

It probably is not a good idea to push a CVS snapshot here,
but upstream screwed up their 1.4.5 release and CVS contains
further fixes like PHP5 related stuff that might make
squirrelmail usable on FC4. This snapshot worked on my
personal server for the past week, so hopefully it will be
good for everyone else too.

CVE-2005-1769 and CVE-2005-2095 security issues are solved
in this update.

Please report regressions in behavior from our previous
1.4.4 package to Red Hat Bugzilla, product Fedora Core. All
other squirrelmail bugs please report upstream.
* Sun Aug 14 2005 Warren Togami 1.4.6-0.cvs20050812.1
- snapshot of 1.4.6 because 1.4.5 upstream was a bad release
this hopefully will also work on PHP5 too...

* Mon Jun 20 2005 Warren Togami 1.4.5-0.rc1
- 1.4.5-0.rc1

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-779

Risk factor : Medium

CVSS Score: 4.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-1769
20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769]
http://marc.info/?l=bugtraq&m=111893827711390&w=2
APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
DSA-756
http://www.debian.org/security/2005/dsa-756
FLSA:163047
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
MDKSA-2005:108
http://www.mandriva.com/security/advisories?name=MDKSA-2005:108
RHSA-2005:595
http://www.redhat.com/support/errata/RHSA-2005-595.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.squirrelmail.org/security/issue/2005-06-15
oval:org.mitre.oval:def:9852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852
Common Vulnerability Exposure (CVE) ID: CVE-2005-2095
14254
http://www.securityfocus.com/bid/14254
20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability
http://www.securityfocus.com/archive/1/405202
20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095
http://www.securityfocus.com/archive/1/405200
http://www.gulftech.org/?node=research&article_id=00090-07142005
http://www.squirrelmail.org/security/issue/2005-07-13
oval:org.mitre.oval:def:10500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500
squirrelmail-set-post-variable(21359)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.