Vulnerabilities > CVE-2004-1036

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
squirrelmail
gentoo
nessus

Summary

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200411-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200411-25 (SquirrelMail: Encoded text XSS vulnerability) SquirrelMail fails to properly sanitize certain strings when decoding specially crafted headers. Impact : By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id15736
    published2004-11-17
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15736
    titleGLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200411-25.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15736);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2004-1036");
      script_xref(name:"GLSA", value:"200411-25");
    
      script_name(english:"GLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200411-25
    (SquirrelMail: Encoded text XSS vulnerability)
    
        SquirrelMail fails to properly sanitize certain strings when decoding
        specially crafted headers.
      
    Impact :
    
        By enticing a user to read a specially crafted e-mail, an attacker can
        execute arbitrary scripts running in the context of the victim's
        browser. This could lead to a compromise of the user's webmail account,
        cookie theft, etc.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://article.gmane.org/gmane.mail.squirrelmail.user/21169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200411-25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All SquirrelMail users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.3a-r2'
        Note: Users with the vhosts USE flag set should manually use
        webapp-config to finalize the update."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/17");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"mail-client/squirrelmail", unaffected:make_list("ge 1.4.3a-r2"), vulnerable:make_list("lt 1.4.3a-r2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SquirrelMail");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-472.NASL
    description - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-6.FC3 - FC3 - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-7 - CVE-2004-1036 Cross Site Scripting in encoded text - #112769 updated splash screens Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15842
    published2004-11-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15842
    titleFedora Core 3 : squirrelmail-1.4.3a-6.FC3 (2004-472)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-472.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15842);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2004-472");
    
      script_name(english:"Fedora Core 3 : squirrelmail-1.4.3a-6.FC3 (2004-472)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-6.FC3
    
        - FC3
    
      - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-7
    
        - CVE-2004-1036 Cross Site Scripting in encoded text
    
        - #112769 updated splash screens
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-November/000418.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cee13f47"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"squirrelmail-1.4.3a-6.FC3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-471.NASL
    description - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-6.FC2 - FC2 - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-7 - CVE-2004-1036 Cross Site Scripting in encoded text - #112769 updated splash screens - Thu Oct 14 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-5 - default_folder_prefix dovecot compatible by default /etc/squirrelmail/config_local.php if you must change it - Wed Oct 13 2004 Warren Togami <wtogami at redhat.com> 1.4.3a-4 - HIGASHIYAMA Masato
    last seen2020-06-01
    modified2020-06-02
    plugin id15841
    published2004-11-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15841
    titleFedora Core 2 : squirrelmail-1.4.3a-6.FC2 (2004-471)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-471.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15841);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2004-471");
    
      script_name(english:"Fedora Core 2 : squirrelmail-1.4.3a-6.FC2 (2004-471)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-6.FC2
    
        - FC2
    
      - Fri Nov 19 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-7
    
        - CVE-2004-1036 Cross Site Scripting in encoded text
    
        - #112769 updated splash screens
    
      - Thu Oct 14 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-5
    
        - default_folder_prefix dovecot compatible by default
          /etc/squirrelmail/config_local.php if you must change
          it
    
      - Wed Oct 13 2004 Warren Togami <wtogami at redhat.com>
        1.4.3a-4
    
        - HIGASHIYAMA Masato's patch to improve Japanese support
          (coordinated by Scott A. Hughes).
    
      - real 1.4.3a tarball
    
      - Tue Aug 31 2004 Warren Togami <wtogami at redhat.com>
        1.4.3-2
    
        - #125638 config_local.php and default_pref in
          /etc/squirrelmail/ to match upstream RPM. This should
          allow smoother drop-in replacements and upgrades.
    
      - other spec cleanup.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-November/000417.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7f9d25ad"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"squirrelmail-1.4.3a-6.FC2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-654.NASL
    descriptionAn updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available. SquirrelMail is a webmail package written in PHP. A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which could result in causing the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id16053
    published2004-12-27
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16053
    titleRHEL 3 : squirrelmail (RHSA-2004:654)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2005-001.NASL
    descriptionhe remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id16251
    published2005-01-26
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16251
    titleMac OS X Multiple Vulnerabilities (Security Update 2005-001)
  • NASL familyCGI abuses
    NASL idSQUIRRELMAIL_HTML_INJECTION_VULN2.NASL
    descriptionThe remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4 are affected by an email HTML injection issue. A remote attacker can exploit this flaw to gain access to the users\
    last seen2020-06-01
    modified2020-06-02
    plugin id15718
    published2004-11-13
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15718
    titleSquirrelMail decodeHeader Arbitrary HTML Injection
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL
    descriptionA SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by the Common Vulnerabilities and Exposures. Cross Site Scripting Issues A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On. This issue was uncovered internally by the SquirrelMail Development team. This isssue was assigned CAN-2005-0104 by the Common Vulnerabilities and Exposures. A second issue which was resolved in the 1.4.4-rc1 release was uncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. This issue could allow a remote user to send a specially crafted header and cause execution of script (such as JavaScript) in the client browser. Local File Inclusion A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On.
    last seen2020-06-01
    modified2020-06-02
    plugin id18992
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18992
    titleFreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)

Oval

accepted2013-04-29T04:20:30.176-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionCross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
familyunix
idoval:org.mitre.oval:def:9592
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleCross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
version26

Redhat

rpmssquirrelmail-0:1.4.3a-7.EL3