Test ID:	1.3.6.1.4.1.25623.1.0.55613
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-201-1 (courier)
Summary:	Ubuntu USN-201-1 (courier)
Description:	The remote host is missing an update to courier announced via advisory USN-201-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: sqwebmail Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the sqwebmail package is not officially supported by Ubuntu (it is in the universe section of the archive). Solution: The problem can be corrected by upgrading the affected package to version 0.45.6-1ubuntu0.1 (for Ubuntu 4.10), or 0.47-3ubuntu1.3 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-201-1 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2724 Bugtraq: 20050824 Secunia Research: SqWebMail Attached File Script Insertion (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=112490698219531&w=2 http://secunia.com/secunia_research/2005-35/advisory/ http://marc.theaimsgroup.com/?l=courier-users&m=112488135424849&w=2 Debian Security Information: DSA-793 (Google Search) http://www.debian.org/security/2005/dsa-793 http://www.ubuntu.com/usn/usn-201-1 BugTraq ID: 14650 http://www.securityfocus.com/bid/14650 http://secunia.com/advisories/16539/ http://secunia.com/advisories/17156 XForce ISS Database: sqwebmail-contenttype-script-execution(21997) http://xforce.iss.net/xforce/xfdb/21997 Common Vulnerability Exposure (CVE) ID: CVE-2005-2769 Bugtraq: 20050829 Secunia Research: SqWebMail HTML Emails Script Insertion (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=112534112715638&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036622.html http://secunia.com/secunia_research/2005-39/advisory/ BugTraq ID: 14676 http://www.securityfocus.com/bid/14676 http://secunia.com/advisories/16600/ XForce ISS Database: sqwebmail-html-xss(22043) http://xforce.iss.net/xforce/xfdb/22043 Common Vulnerability Exposure (CVE) ID: CVE-2005-2820 Bugtraq: 20050906 Secunia Research: SqWebMail Conditional Comments Script Insertion (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=112607033030475&w=2 http://secunia.com/secunia_research/2005-44/advisory/ http://www.securiteam.com/unixfocus/5RP0220GUS.html Debian Security Information: DSA-820 (Google Search) http://www.debian.org/security/2005/dsa-820 http://secunia.com/advisories/16704/ XForce ISS Database: sqwebmail-html-comment-xss(22158) http://xforce.iss.net/xforce/xfdb/22158
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: