Test ID:	1.3.6.1.4.1.25623.1.0.55613
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-201-1 (courier)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to courier announced via advisory USN-201-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: sqwebmail Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the sqwebmail package is not officially supported by Ubuntu (it is in the universe section of the archive). Solution: The problem can be corrected by upgrading the affected package to version 0.45.6-1ubuntu0.1 (for Ubuntu 4.10), or 0.47-3ubuntu1.3 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-201-1 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2724 BugTraq ID: 14650 http://www.securityfocus.com/bid/14650 Bugtraq: 20050824 Secunia Research: SqWebMail Attached File Script Insertion (Google Search) http://marc.info/?l=bugtraq&m=112490698219531&w=2 Debian Security Information: DSA-793 (Google Search) http://www.debian.org/security/2005/dsa-793 http://secunia.com/secunia_research/2005-35/advisory/ http://marc.info/?l=courier-users&m=112488135424849&w=2 http://secunia.com/advisories/16539/ http://secunia.com/advisories/17156 http://www.ubuntu.com/usn/usn-201-1 XForce ISS Database: sqwebmail-contenttype-script-execution(21997) https://exchange.xforce.ibmcloud.com/vulnerabilities/21997 Common Vulnerability Exposure (CVE) ID: CVE-2005-2769 BugTraq ID: 14676 http://www.securityfocus.com/bid/14676 Bugtraq: 20050829 Secunia Research: SqWebMail HTML Emails Script Insertion (Google Search) http://marc.info/?l=bugtraq&m=112534112715638&w=2 http://seclists.org/fulldisclosure/2005/Aug/975 http://secunia.com/secunia_research/2005-39/advisory/ http://secunia.com/advisories/16600/ XForce ISS Database: sqwebmail-html-xss(22043) https://exchange.xforce.ibmcloud.com/vulnerabilities/22043 Common Vulnerability Exposure (CVE) ID: CVE-2005-2820 Bugtraq: 20050906 Secunia Research: SqWebMail Conditional Comments Script Insertion (Google Search) http://marc.info/?l=bugtraq&m=112607033030475&w=2 Debian Security Information: DSA-820 (Google Search) http://www.debian.org/security/2005/dsa-820 http://secunia.com/secunia_research/2005-44/advisory/ http://www.securiteam.com/unixfocus/5RP0220GUS.html http://secunia.com/advisories/16704/ XForce ISS Database: sqwebmail-html-comment-xss(22158) https://exchange.xforce.ibmcloud.com/vulnerabilities/22158
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.