 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.63192 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2009:0057 |
| Summary: | The remote host is missing updates announced in;advisory RHSA-2009:0057.;;SquirrelMail is an easy-to-configure, standards-based, webmail package;written in PHP. It includes built-in PHP support for the IMAP and SMTP;protocols, and pure HTML 4.0 page-rendering (with no JavaScript required);for maximum browser-compatibility, strong MIME support, address books, and;folder manipulation.;;The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory;introduced a session handling flaw. Users who logged back into SquirrelMail;without restarting their web browsers were assigned fixed session;identifiers. A remote attacker could make use of that flaw to hijack user;sessions. (CVE-2009-0030);;SquirrelMail users should upgrade to this updated package, which contains a;patch to correct this issue. As well, all users who used affected versions;of SquirrelMail should review their preferences. |
| Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. (CVE-2009-0030) SquirrelMail users should upgrade to this updated package, which contains a patch to correct this issue. As well, all users who used affected versions of SquirrelMail should review their preferences. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0030 1021611 http://securitytracker.com/id?1021611 33354 http://www.securityfocus.com/bid/33354 33611 http://secunia.com/advisories/33611 RHSA-2009:0057 https://rhn.redhat.com/errata/RHSA-2009-0057.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=480224 https://bugzilla.redhat.com/show_bug.cgi?id=480488 oval:org.mitre.oval:def:10366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366 squirrelmail-sessionid-session-hijacking(48115) https://exchange.xforce.ibmcloud.com/vulnerabilities/48115 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |