Test ID:	1.3.6.1.4.1.25623.1.0.64085
Category:	Fedora Local Security Checks
Title:	Fedora Core 9 FEDORA-2009-5471 (squirrelmail)
Summary:	The remote host is missing an update to squirrelmail;announced via advisory FEDORA-2009-5471.;Note: This VT has been deprecated and is therefore no longer functional.
Description:	Summary: The remote host is missing an update to squirrelmail announced via advisory FEDORA-2009-5471. Note: This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: ChangeLog: * Fri May 22 2009 Michal Hlavinka - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 * Tue May 19 2009 Michal Hlavinka - 1.4.18-2 - fix undefined variable aSpamIds (#501260) * Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update squirrelmail' at the command line. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1579 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 34916 http://www.securityfocus.com/bid/34916 Debian Security Information: DSA-1802 (Google Search) http://www.debian.org/security/2009/dsa-1802 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 http://www.redhat.com/support/errata/RHSA-2009-1066.html http://secunia.com/advisories/35052 http://secunia.com/advisories/35073 http://secunia.com/advisories/35140 http://secunia.com/advisories/35259 http://secunia.com/advisories/37415 http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2009/1296 http://www.vupen.com/english/advisories/2009/3315 http://www.vupen.com/english/advisories/2010/1481 XForce ISS Database: squirrelmail-mapypalias-code-execution(50461) https://exchange.xforce.ibmcloud.com/vulnerabilities/50461 Common Vulnerability Exposure (CVE) ID: CVE-2009-1580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107 XForce ISS Database: squirrelmail-baseuri-session-hijacking(50462) https://exchange.xforce.ibmcloud.com/vulnerabilities/50462 Common Vulnerability Exposure (CVE) ID: CVE-2009-1581 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441 XForce ISS Database: squirrelmail-css-xss(50463) https://exchange.xforce.ibmcloud.com/vulnerabilities/50463 Common Vulnerability Exposure (CVE) ID: CVE-2008-2379 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 32603 http://www.securityfocus.com/bid/32603 Debian Security Information: DSA-1682 (Google Search) http://www.debian.org/security/2008/dsa-1682 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://security-net.biz/wsw/index.php?p=254&n=190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/32143 http://secunia.com/advisories/33054 http://secunia.com/advisories/33071 http://secunia.com/advisories/33937 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.vupen.com/english/advisories/2008/3332 XForce ISS Database: squirrelmail-html-xss(47024) https://exchange.xforce.ibmcloud.com/vulnerabilities/47024 Common Vulnerability Exposure (CVE) ID: CVE-2008-3663 BugTraq ID: 31321 http://www.securityfocus.com/bid/31321 Bugtraq: 20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 (Google Search) http://www.securityfocus.com/archive/1/496601/100/0/threaded http://int21.de/cve/CVE-2008-3663-squirrelmail.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548 http://securityreason.com/securityalert/4304 SuSE Security Announcement: SUSE-SR:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html XForce ISS Database: squirrelmail-cookie-session-hijacking(45700) https://exchange.xforce.ibmcloud.com/vulnerabilities/45700 Common Vulnerability Exposure (CVE) ID: CVE-2009-1381 20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix http://www.securityfocus.com/archive/1/503718/100/0/threaded 35140 DSA-1802 FEDORA-2009-5350 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html FEDORA-2009-5471 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html MDVSA-2009:122 http://www.mandriva.com/security/advisories?name=MDVSA-2009:122 http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.