Vulnerabilities > CVE-2004-0639

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
squirrelmail
sgi
open-webmail
nessus
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.

Exploit-Db

descriptionSquirrelMail 1.2.x From Email Header HTML Injection Vulnerability. CVE-2004-0639. Webapps exploit for php platform
idEDB-ID:24167
last seen2016-02-02
modified2004-06-03
published2004-06-03
reporteranonymous
sourcehttps://www.exploit-db.com/download/24167/
titleSquirrelMail 1.2.x From Email Header HTML Injection Vulnerability

Nessus

  • NASL familyCGI abuses : XSS
    NASL idSQUIRRELMAIL_HTML_INJECTION_VULN.NASL
    descriptionThe target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive. Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks does not require a user to actually open a message, only view the folder listing. For example, a remote attacker could effectively launch a DoS against a user by sending a message with a From header such as : From:<!--<>(-->John Doe<script>document.cookie=
    last seen2020-06-01
    modified2020-06-02
    plugin id14217
    published2004-08-06
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14217
    titleSquirrelMail < 1.2.11 Multiple Script XSS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14217);
      script_version("1.25");
    
      script_cve_id("CVE-2004-0639");
      script_bugtraq_id(10450);
    
      script_name(english:"SquirrelMail < 1.2.11 Multiple Script XSS");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by 
    multiple cross-site scripting vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The target is running at least one instance of SquirrelMail whose
    version number is between 1.2.0 and 1.2.10 inclusive.  Such versions do
    not properly sanitize From headers, leaving users vulnerable to XSS
    attacks.  Further, since SquirrelMail displays From headers when listing
    a folder, attacks does not require a user to actually open a message,
    only view the folder listing.
    
    For example, a remote attacker could effectively launch a DoS against
    a user by sending a message with a From header such as :
    
    From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx; path=/';</script><>
    
    which rewrites the session ID cookie and effectively logs the user
    out.
    
    ***** Nessus has determined the vulnerability exists on the target
    ***** simply by looking at the version number(s) of Squirrelmail
    ***** installed there." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to SquirrelMail 1.2.11 or later or wrap the call to
    sqimap_find_displayable_name in printMessageInfo in
    functions/mailbox_display.php with a call to htmlentities." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/29");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:squirrelmail:squirrelmail");
    script_end_attributes();
    
     
      summary["english"] = "Check Squirrelmail for HTML injection vulnerability";
      script_summary(english:summary["english"]);
     
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
    
      script_family(english:"CGI abuses : XSS");
    
      script_dependencie("squirrelmail_detect.nasl");
      script_require_ports("Services/www", 80);
      script_require_keys("www/squirrelmail");
      exit(0);
    }
    
    include("http_func.inc");
    
    host = get_host_name();
    port = get_http_port(default:80, embedded:TRUE);
    
    if (!get_port_state(port)) 
    	exit(0);
    
    # Check each installed instance, stopping if we find a vulnerability.
    installs = get_kb_list(string("www/", port, "/squirrelmail"));
    if (isnull(installs)) 
    	exit(0);
    
    foreach install (installs) 
    {
    	matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
      	if (!isnull(matches)) 
    	{
        		ver = matches[1];
        		dir = matches[2];
    
        		if (ereg(pattern:"^1\.2\.([0-9]|10)$", string:ver)) 
    		{
          			security_warning(port);
    			set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
          			exit(0);
        		}
      	}
    }
    
    
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-535.NASL
    descriptionFour vulnerabilities were discovered in squirrelmail : - CAN-2004-0519 Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. - CAN-2004-0520 Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. - CAN-2004-0521 SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. - CAN-2004-0639 Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
    last seen2020-06-01
    modified2020-06-02
    plugin id15372
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15372
    titleDebian DSA-535-1 : squirrelmail - several vulnerabilities