
Test ID: 1.3.6.1.4.1.25623.1.0.59454
Category: Fedora Local Security Checks
Title: Fedora Core 5 FEDORA-2007-088 (squirrelmail)
Summary: NOSUMMARY
Description:

The remote host is missing an update to squirrelmail
announced via advisory FEDORA-2007-088.

SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

Update Information:

http://squirrelmail.org/security/issue/2006-12-02
CVE-2006-6142
Cross site scripting in compose, draft & HTML mail viewing
http://squirrelmail.org/security/issue/2006-12-03
Workaround for Internet Explorer MIME handling


* Mon Jan 15 2007 Warren Togami 1.4.8-3
- CVE-2006-6142
* Tue Aug 15 2006 Warren Togami 1.4.8-2
- more Japanese filename fixes (#195639)
* Fri Aug 11 2006 Warren Togami 1.4.8-1
- 1.4.8 release with CVE-2006-4019 and upstream bug fixes
* Tue Jul 18 2006 Warren Togami 1.4.7-5
- More JP translation updates (#194598)
* Mon Jul 10 2006 Warren Togami 1.4.7-4
- Fix fatal typo in config_local.php (#198306)
* Sun Jul 9 2006 Warren Togami 1.4.7-2
- Move sqspell_config.php to /etc and mark it %config(noreplace) (#192236)
* Fri Jul 7 2006 Warren Togami 1.4.7-1
- 1.4.7 with CVE-2006-3174
- Reduce patch for body text (#194457)
- Better JP translation for Check mail (#196117)
* Fri Jun 23 2006 Warren Togami 1.4.6-8
- Japanese zenkaku subject conversion (#196017)
- Japanese MSIE garbled download ugly hack (#195639)
- Japanese multibyte attachment view text (#195452)
- Japanese multibyte attachment body text (#194457)
- Do not convert Japanese Help to UTF-8 (#194599)
* Wed Jun 7 2006 Warren Togami 1.4.6-7
- CVE-2006-2842 File Inclusion Vulnerability
* Mon Jun 5 2006 Warren Togami 1.4.6-6
- buildreq gettext (194169)

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-088

Risk factor : High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6142
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 21414
http://www.securityfocus.com/bid/21414
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Debian Security Information: DSA-1241
http://www.debian.org/security/2006/dsa-1241
http://fedoranews.org/cms/node/2438
http://fedoranews.org/cms/node/2439
http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988
http://www.redhat.com/support/errata/RHSA-2007-0022.html
http://securitytracker.com/id?1017327
http://secunia.com/advisories/23195
http://secunia.com/advisories/23322
http://secunia.com/advisories/23409
http://secunia.com/advisories/23504
http://secunia.com/advisories/23811
http://secunia.com/advisories/24004
http://secunia.com/advisories/24284
http://secunia.com/advisories/26235
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
SuSE Security Announcement: SUSE-SR:2006:029
http://www.novell.com/linux/security/advisories/2006_29_sr.html
SuSE Security Announcement: SUSE-SR:2007:004
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.vupen.com/english/advisories/2006/4828
http://www.vupen.com/english/advisories/2007/2732
XForce ISS Database: squirrelmail-magichtml-messages-xss(30694)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
XForce ISS Database: squirrelmail-mimeheader-xss(30695)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
XForce ISS Database: squirrelmail-webmail-compose-xss(30693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
Common Vulnerability Exposure (CVE) ID: CVE-2006-4019
BugTraq ID: 19486
http://www.securityfocus.com/bid/19486
Bugtraq: 20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack
http://www.securityfocus.com/archive/1/442993/100/0/threaded
Bugtraq: 20060811 rPSA-2006-0152-1 squirrelmail
http://www.securityfocus.com/archive/1/442980/100/0/threaded
Debian Security Information: DSA-1154
http://www.debian.org/security/2006/dsa-1154
http://marc.info/?l=full-disclosure&m=115532449024178&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
http://www.osvdb.org/27917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
http://www.redhat.com/support/errata/RHSA-2006-0668.html
http://securitytracker.com/id?1016689
http://secunia.com/advisories/21354
http://secunia.com/advisories/21444
http://secunia.com/advisories/21586
http://secunia.com/advisories/22080
http://secunia.com/advisories/22104
http://secunia.com/advisories/22487
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
SuSE Security Announcement: SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://attrition.org/pipermail/vim/2006-August/000970.html
http://www.vupen.com/english/advisories/2006/3271
XForce ISS Database: squirrelmail-compose-variable-overwrite(28365)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
Common Vulnerability Exposure (CVE) ID: CVE-2006-3174
BugTraq ID: 18700
http://www.securityfocus.com/bid/18700
http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html
http://www.osvdb.org/26610
XForce ISS Database: squirrelmail-search-xss(26941)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26941
Common Vulnerability Exposure (CVE) ID: CVE-2006-2842
BugTraq ID: 18231
http://www.securityfocus.com/bid/18231
Bugtraq: 20060601 Squirrelmail local file inclusion
http://www.securityfocus.com/archive/1/435605/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670
http://www.redhat.com/support/errata/RHSA-2006-0547.html
http://securitytracker.com/id?1016209
http://secunia.com/advisories/20406
http://secunia.com/advisories/20931
http://secunia.com/advisories/21159
http://secunia.com/advisories/21262
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
SuSE Security Announcement: SUSE-SR:2006:017
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.vupen.com/english/advisories/2006/2101
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
