Linux Security

    Debian: squirrelmail Multiple vulnerabilities

    This patch addresses multiple Cross Site Scripting and SQL Injection vulnerabilities.
    Debian Security Advisory DSA 535-1                          Matt Zimmerman
    August 2nd, 2004
    - --------------------------------------------------------------------------
    Package        : squirrelmail
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639
    Four vulnerabilities were discovered in squirrelmail:
     CAN-2004-0519 - Multiple cross-site scripting (XSS) vulnerabilities
     in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary
     script as other users and possibly steal authentication information
     via multiple attack vectors, including the mailbox parameter in
     CAN-2004-0520 - Cross-site scripting (XSS) vulnerability in mime.php
     for SquirrelMail before 1.4.3 allows remote attackers to insert
     arbitrary HTML and script via the content-type mail header, as
     demonstrated using read_body.php.
     CAN-2004-0521 - SQL injection vulnerability in SquirrelMail before
     1.4.3 RC1 allows remote attackers to execute unauthorized SQL
     statements, with unknown impact, probably via abook_database.php.
     CAN-2004-0639 - Multiple cross-site scripting (XSS) vulnerabilities
     in Squirrelmail 1.2.10 and earlier allow remote attackers to inject
     arbitrary HTML or script via (1) the $mailer variable in
     read_body.php, (2) the $senderNames_part variable in
     mailbox_display.php, and possibly other vectors including (3) the
     $event_title variable or (4) the $event_text variable.
    For the current stable distribution (woody), these problems have been
    fixed in version 1:1.2.6-1.4.
    For the unstable distribution (sid), these problems have been fixed in
    2:1.4.3a-0.1 and earlier versions.
    We recommend that you update your squirrelmail package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      586 9e3f6fb2b152cb6086be738abc5e1021
          Size/MD5 checksum:    20493 0f07dc4c32a8356344ba5f39d6c2373a
          Size/MD5 checksum:  1856087 be9e6be1de8d3dd818185d596b41a7f1
      Architecture independent components:
          Size/MD5 checksum:  1840376 34057494a43f7a136276d821956e010a
      These files will probably be moved into the stable distribution on
      its next revision.
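
The manual `wget` / `dpkg -i` path above skips the check that the "Size/MD5 checksum" lines exist for, so the following added example (not part of the original advisory) compares a downloaded file against one such pair before installation. The helper name `verify_dsa_file` is hypothetical, and `file.deb` is the advisory's own placeholder because the real file names are not shown on this page. A match only shows the file agrees with the values printed in the advisory text.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a "Size/MD5 checksum"
# pair from the advisory before passing it to dpkg -i.
# verify_dsa_file is a hypothetical helper, not part of any Debian tool.
#
# Returns 0 on match, 1 on size or hash mismatch, 2 if the file is missing.
verify_dsa_file() {
    file=$1
    want_size=$2
    want_md5=$3

    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi

    # Size first: cheap, and it catches truncated downloads.
    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $got_size, want $want_size" >&2
        return 1
    fi

    # Reading from stdin keeps the file name out of md5sum's output;
    # cut keeps only the hex digest.
    got_md5=$(md5sum < "$file" | cut -d' ' -f1)
    # Advisories print lowercase hex; normalise in case it was retyped.
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    if [ "$got_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $file: got $got_md5, want $want_md5" >&2
        return 1
    fi

    return 0
}

# Usage with the values listed above for the architecture independent
# component (file.deb stands in for the real file name):
#   verify_dsa_file file.deb 1840376 34057494a43f7a136276d821956e010a \
#       && dpkg -i file.deb
```
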
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
