Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Gentoo: 200212-4 Critical: SquirrelMail XSS Remote Exploit

gentoo
Calendar Grey December 16, 2002
Scroller Gentoo
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNC
read_body.php didn't filter out user input for 'filter_dir' and 'mailbox', making a xss attack possible.

Summary


- --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4
- --------------------------------------------------------------------
DATE    : 2002-12-15 14:12 UTC

- --------------------------------------------------------------------
euronymous <just-a-user@yandex.ru> found that read_body.php didn't filter out user input for 'filter_dir' and 'mailbox', making a xss attack possible.
Read the full advisory at /
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/squirrelmail-1.2.9 and earlier update their systems as follows:
emerge rsync emerge squirrelmail emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - --------------------------------------------------------------------

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : squirrelmail
SUMMARY : cross site scripting
EXPLOIT : remote

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround