
Debian Squirrelmail Critical Fix: Remote Attack Mitigation DSA 988-1

March 8, 2006
Debian Security Announcement DSA 988-1 provides crucial patches for Squirrelmail in response to several vulnerabilities.
Updated package.

Summary


Martijn Brinkers and Ben Maurer found a flaw in webmail.php that
allows remote attackers to inject arbitrary web pages into the right
frame via a URL in the right_frame parameter.

CVE-2006-0195

Martijn Brinkers and Scott Hughes discovered an interpretation
conflict in the MagicHTML filter that allows remote attackers to
conduct cross-site scripting (XSS) attacks via style sheet
specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes
inside the "url" keyword, which is processed by some web browsers
including Internet Explorer.

CVE-2006-0377

Vicente Aguilera of Internet Security Auditors, S.L. discovered a
CRLF injection vulnerability, which allows remote attackers to
inject arbitrary IMAP commands via newline characters in the mailbox
parameter of the sqimap_mailbox_select command, aka "IMAP
injection." There's no known way to exploit this yet.
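
The input check that closes this class of bug, shown as an added example (it is not part of the advisory and not Squirrelmail's own code): a mailbox name is refused if it carries CR, LF or NUL, and is otherwise escaped as an IMAP quoted string (RFC 3501) before it goes into SELECT. The function names, the command tag and the sample mailbox values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Squirrelmail functions.

/** Naive construction: the mailbox value is pasted straight into the command. */
function build_select_unsafe(string $tag, string $mailbox): string
{
    return $tag . ' SELECT "' . $mailbox . '"' . "\r\n";
}

/**
 * Hardened construction: refuse CR, LF and NUL (none may appear inside an
 * IMAP quoted string), then escape backslash and double quote.
 */
function build_select_safe(string $tag, string $mailbox): string
{
    if ($mailbox === '' || preg_match('/[\r\n\x00]/', $mailbox) === 1) {
        throw new InvalidArgumentException('mailbox name is empty or contains CR, LF or NUL');
    }
    // strtr() with an array is single-pass, so added backslashes are not re-escaped.
    $quoted = strtr($mailbox, ['\\' => '\\\\', '"' => '\\"']);
    return $tag . ' SELECT "' . $quoted . '"' . "\r\n";
}

/** Count the command lines an IMAP server would read from the wire data. */
function count_command_lines(string $wire): int
{
    return count(preg_split('/\r\n|\r|\n/', rtrim($wire, "\r\n")));
}

// Constructed sample inputs: an ordinary folder, a folder with quoting
// characters, and a value carrying a CRLF followed by a harmless NOOP.
$samples = ['INBOX.Sent', 'Projects\\"2006"', "INBOX\r\nA002 NOOP"];

foreach ($samples as $mailbox) {
    $lines = count_command_lines(build_select_unsafe('A001', $mailbox));
    try {
        $result = rtrim(build_select_safe('A001', $mailbox));
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("%s\n  unsafe builder sends %d command line(s)\n  safe builder: %s\n",
        json_encode($mailbox), $lines, $result);
}
```

Mailbox names with non-ASCII characters additionally need IMAP's modified UTF-7 encoding, which this example leaves out.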

For the old stable distribution (woody) these problems have been fix...


Severity
critical
