
Test ID: 1.3.6.1.4.1.25623.1.0.59368
Category: Fedora Local Security Checks
Title: Fedora Core 5 FEDORA-2006-913 (squirrelmail)
Summary: NOSUMMARY
Description:

The remote host is missing an update to squirrelmail
announced via advisory FEDORA-2006-913.

SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

Update Information:

Upstream's 1.4.8 release fixes more bugs and solves the
CVE-2006-4019 security issue. Fedora's package also
contains numerous language-specific fixes. See the RPM
%changelog for more details.
* Fri Aug 11 2006 Warren Togami 1.4.8-1
- 1.4.8 release with CVE-2006-4019 and upstream bug fixes
* Tue Jul 18 2006 Warren Togami 1.4.7-5
- More JP translation updates (#194598)
* Mon Jul 10 2006 Warren Togami 1.4.7-4
- Fix fatal typo in config_local.php (#198306)
* Sun Jul 9 2006 Warren Togami 1.4.7-2
- Move sqspell_config.php to /etc and mark it %config(noreplace) (#192236)
* Fri Jul 7 2006 Warren Togami 1.4.7-1
- 1.4.7 with CVE-2006-3174
- Reduce patch for body text (#194457)
- Better JP translation for Check mail (#196117)
* Fri Jun 23 2006 Warren Togami 1.4.6-8
- Japanese zenkaku subject conversion (#196017)
- Japanese MSIE garbled download ugly hack (#195639)
- Japanese multibyte attachment view text (#195452)
- Japanese multibyte attachment body text (#194457)
- Do not convert Japanese Help to UTF-8 (#194599)
* Wed Jun 7 2006 Warren Togami 1.4.6-7
- CVE-2006-2842 File Inclusion Vulnerability
* Mon Jun 5 2006 Warren Togami 1.4.6-6
- buildreq gettext (194169)

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-913

Risk factor: High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4019
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 19486
http://www.securityfocus.com/bid/19486
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack
http://www.securityfocus.com/archive/1/442993/100/0/threaded
Bugtraq: 20060811 rPSA-2006-0152-1 squirrelmail
http://www.securityfocus.com/archive/1/442980/100/0/threaded
Debian Security Information: DSA-1154
http://www.debian.org/security/2006/dsa-1154
http://marc.info/?l=full-disclosure&m=115532449024178&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
http://www.osvdb.org/27917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
http://www.redhat.com/support/errata/RHSA-2006-0668.html
http://securitytracker.com/id?1016689
http://secunia.com/advisories/21354
http://secunia.com/advisories/21444
http://secunia.com/advisories/21586
http://secunia.com/advisories/22080
http://secunia.com/advisories/22104
http://secunia.com/advisories/22487
http://secunia.com/advisories/26235
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
SuSE Security Announcement: SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://attrition.org/pipermail/vim/2006-August/000970.html
http://www.vupen.com/english/advisories/2006/3271
http://www.vupen.com/english/advisories/2007/2732
XForce ISS Database: squirrelmail-compose-variable-overwrite(28365)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
Common Vulnerability Exposure (CVE) ID: CVE-2006-3174
BugTraq ID: 18700
http://www.securityfocus.com/bid/18700
http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html
http://www.osvdb.org/26610
XForce ISS Database: squirrelmail-search-xss(26941)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26941
Common Vulnerability Exposure (CVE) ID: CVE-2006-2842
BugTraq ID: 18231
http://www.securityfocus.com/bid/18231
Bugtraq: 20060601 Squirrelmail local file inclusion
http://www.securityfocus.com/archive/1/435605/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670
http://www.redhat.com/support/errata/RHSA-2006-0547.html
http://securitytracker.com/id?1016209
http://secunia.com/advisories/20406
http://secunia.com/advisories/20931
http://secunia.com/advisories/21159
http://secunia.com/advisories/21262
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
SuSE Security Announcement: SUSE-SR:2006:017
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.vupen.com/english/advisories/2006/2101
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
