Test ID:	1.3.6.1.4.1.25623.1.0.55332
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2005:163047
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2005:163047. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues. Affected platforms: Redhat 9 Fedora Core 1 Fedora Core 2 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:163047 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1769 20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] http://marc.info/?l=bugtraq&m=111893827711390&w=2 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-756 http://www.debian.org/security/2005/dsa-756 FLSA:163047 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 MDKSA-2005:108 http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 RHSA-2005:595 http://www.redhat.com/support/errata/RHSA-2005-595.html SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.squirrelmail.org/security/issue/2005-06-15 oval:org.mitre.oval:def:9852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852 Common Vulnerability Exposure (CVE) ID: CVE-2005-2095 14254 http://www.securityfocus.com/bid/14254 20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability http://www.securityfocus.com/archive/1/405202 20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095 http://www.securityfocus.com/archive/1/405200 http://www.gulftech.org/?node=research&article_id=00090-07142005 http://www.squirrelmail.org/security/issue/2005-07-13 oval:org.mitre.oval:def:10500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 squirrelmail-set-post-variable(21359) https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.