Vulnerabilities > CVE-2005-0075 - Unspecified vulnerability in Squirrelmail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id SQUIRRELMAIL_144.NASL description The target is running at least one instance of SquirrelMail whose version number suggests it is affected by one or more cross-site scripting vulnerabilities : - Insufficient escaping of integer variables in webmail.php allows a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1). - Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1). - A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP last seen 2020-06-01 modified 2020-06-02 plugin id 16228 published 2005-01-24 reporter This script is Copyright (C) 2005-2018 George A. Theall source https://www.tenable.com/plugins/nessus/16228 title SquirrelMail < 1.4.4 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-39.NASL description The remote host is affected by the vulnerability described in GLSA-200501-39 (SquirrelMail: Multiple vulnerabilities) SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS. Insufficient checking of incoming URLs in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103). Insufficient escaping of integers in webmail.php (CAN-2005-0104). Impact : By sending a specially crafted URL, an attacker can execute arbitrary code from the local system with the permissions of the web server. Furthermore by enticing a user to load a specially crafted URL, it is possible to display arbitrary remote web pages in Squirrelmail last seen 2020-06-01 modified 2020-06-02 plugin id 16430 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16430 title GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL description A SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by the Common Vulnerabilities and Exposures. Cross Site Scripting Issues A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On. This issue was uncovered internally by the SquirrelMail Development team. This isssue was assigned CAN-2005-0104 by the Common Vulnerabilities and Exposures. A second issue which was resolved in the 1.4.4-rc1 release was uncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. This issue could allow a remote user to send a specially crafted header and cause execution of script (such as JavaScript) in the client browser. Local File Inclusion A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On. last seen 2020-06-01 modified 2020-06-02 plugin id 18992 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18992 title FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-135.NASL description An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting last seen 2020-06-01 modified 2020-06-02 plugin id 16370 published 2005-02-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16370 title RHEL 3 : squirrelmail (RHSA-2005:135) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-099.NASL description An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting last seen 2020-06-01 modified 2020-06-02 plugin id 17185 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17185 title RHEL 4 : squirrelmail (RHSA-2005:099)
Oval
| accepted | 2013-04-29T04:20:27.805-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9587 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://marc.info/?l=bugtraq&m=110702772714662&w=2
- http://secunia.com/advisories/13962/
- http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
- http://www.redhat.com/support/errata/RHSA-2005-099.html
- http://www.redhat.com/support/errata/RHSA-2005-135.html
- http://www.squirrelmail.org/security/issue/2005-01-14
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587