|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDKSA-2007:106 (squirrelmail)|
|Summary:||Mandrake Security Advisory MDKSA-2007:106 (squirrelmail)|
The remote host is missing an update to squirrelmail
announced via advisory MDKSA-2007:106.
A number of HTML filtering bugs were found in SquirrelMail that
cross-site scripting attacks by sending an email viewed by a user
within SquirrelMail (CVE-2007-1262).
As well, SquirrelMail did not sufficiently check arguments to IMG tags
in HTML messages that could be exploited by an attacker by sending
arbitrary email messges on behalf of a SquirrelMail user tricked into
opening a maliciously-crafted HTML email message (CVE-2007-2589).
The packages provided have been updated to correct these
Corporate Server 4 has been upgraded to SquirrelMail
1.4.10a and Corporate Server 3 has been patched to protect against
Affected: Corporate 3.0, Corporate 4.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : Medium
Common Vulnerability Exposure (CVE) ID: CVE-2007-1262|
Debian Security Information: DSA-1290 (Google Search)
RedHat Security Advisories: RHSA-2007:0358
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
BugTraq ID: 23910
BugTraq ID: 25159
Common Vulnerability Exposure (CVE) ID: CVE-2007-2589
XForce ISS Database: squirrelmail-multiple-scripts-csrf(34219)
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 39337 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.