CVE-2004-1036
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL
Summary
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
Vulnerable Configurations
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200411-25.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200411-25 (SquirrelMail: Encoded text XSS vulnerability) SquirrelMail fails to properly sanitize certain strings when decoding specially crafted headers. Impact : By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15736
- published: 2004-11-17
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15736
- title: GLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200411-25.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(15736);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-1036");
  script_xref(name:"GLSA", value:"200411-25");

  script_name(english:"GLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200411-25
(SquirrelMail: Encoded text XSS vulnerability)

    SquirrelMail fails to properly sanitize certain strings when decoding
    specially crafted headers.

Impact :

    By enticing a user to read a specially crafted e-mail, an attacker can
    execute arbitrary scripts running in the context of the victim's
    browser. This could lead to a compromise of the user's webmail account,
    cookie theft, etc.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://article.gmane.org/gmane.mail.squirrelmail.user/21169"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200411-25"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All SquirrelMail users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.3a-r2'
    Note: Users with the vhosts USE flag set should manually use
    webapp-config to finalize the update."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:squirrelmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/17");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"mail-client/squirrelmail", unaffected:make_list("ge 1.4.3a-r2"), vulnerable:make_list("lt 1.4.3a-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SquirrelMail");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-472.NASL
- description: - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-6.FC3 - FC3 - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-7 - CVE-2004-1036 Cross Site Scripting in encoded text - #112769 updated splash screens Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15842
- published: 2004-11-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15842
- title: Fedora Core 3 : squirrelmail-1.4.3a-6.FC3 (2004-472)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-472.
#

include("compat.inc");

if (description)
{
  script_id(15842);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2004-472");

  script_name(english:"Fedora Core 3 : squirrelmail-1.4.3a-6.FC3 (2004-472)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-6.FC3
    - FC3
  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-7
    - CVE-2004-1036 Cross Site Scripting in encoded text
    - #112769 updated splash screens

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-November/000418.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cee13f47"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected squirrelmail package."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC3", reference:"squirrelmail-1.4.3a-6.FC3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-471.NASL
- description: - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-6.FC2 - FC2 - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-7 - CVE-2004-1036 Cross Site Scripting in encoded text - #112769 updated splash screens - Thu Oct 14 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-5 - default_folder_prefix dovecot compatible by default /etc/squirrelmail/config_local.php if you must change it - Wed Oct 13 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-4 - HIGASHIYAMA Masato
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15841
- published: 2004-11-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15841
- title: Fedora Core 2 : squirrelmail-1.4.3a-6.FC2 (2004-471)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-471.
#

include("compat.inc");

if (description)
{
  script_id(15841);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2004-471");

  script_name(english:"Fedora Core 2 : squirrelmail-1.4.3a-6.FC2 (2004-471)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-6.FC2
    - FC2
  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-7
    - CVE-2004-1036 Cross Site Scripting in encoded text
    - #112769 updated splash screens
  - Thu Oct 14 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-5
    - default_folder_prefix dovecot compatible by default
      /etc/squirrelmail/config_local.php if you must change
      it
  - Wed Oct 13 2004 Warren Togami <wtogami at redhat.com>
    1.4.3a-4
    - HIGASHIYAMA Masato's patch to improve Japanese support
      (coordinated by Scott A. Hughes).
    - real 1.4.3a tarball
  - Tue Aug 31 2004 Warren Togami <wtogami at redhat.com>
    1.4.3-2
    - #125638 config_local.php and default_pref in
      /etc/squirrelmail/ to match upstream RPM. This should
      allow smoother drop-in replacements and upgrades.
    - other spec cleanup.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-November/000417.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7f9d25ad"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected squirrelmail package."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC2", reference:"squirrelmail-1.4.3a-6.FC2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-654.NASL
- description: An updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available. SquirrelMail is a webmail package written in PHP. A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which could result in causing the victim
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16053
- published: 2004-12-27
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/16053
- title: RHEL 3 : squirrelmail (RHSA-2004:654)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_SECUPD2005-001.NASL
- description: The remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16251
- published: 2005-01-26
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/16251
- title: Mac OS X Multiple Vulnerabilities (Security Update 2005-001)

- NASL family: CGI abuses
- NASL id: SQUIRRELMAIL_HTML_INJECTION_VULN2.NASL
- description: The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4 are affected by an email HTML injection issue. A remote attacker can exploit this flaw to gain access to the users\
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15718
- published: 2004-11-13
- reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15718
- title: SquirrelMail decodeHeader Arbitrary HTML Injection

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL
- description: A SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by the Common Vulnerabilities and Exposures. Cross Site Scripting Issues A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On. This issue was uncovered internally by the SquirrelMail Development team. This issue was assigned CAN-2005-0104 by the Common Vulnerabilities and Exposures. A second issue which was resolved in the 1.4.4-rc1 release was uncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. This issue could allow a remote user to send a specially crafted header and cause execution of script (such as JavaScript) in the client browser. Local File Inclusion A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18992
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/18992
- title: FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)

Oval
accepted | 2013-04-29T04:20:30.176-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. |
family | unix |
id | oval:org.mitre.oval:def:9592 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. |
version | 26 |
Redhat
rpms | squirrelmail-0:1.4.3a-7.EL3 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905
- http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://marc.info/?l=bugtraq&m=110012133608004&w=2
- http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff
- http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml
- http://www.squirrelmail.org/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18031
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592