Vulnerabilities > CVE-2005-0104 - Unspecified vulnerability in Squirrelmail
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2005-259.NASL description Multiple issues in squirrelmail (CVE-2005-0104) Upgrade to 1.4.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18323 published 2005-05-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18323 title Fedora Core 2 : squirrelmail-1.4.4-1.FC2 (2005-259) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-259. # include("compat.inc"); if (description) { script_id(18323); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2005-259"); script_name(english:"Fedora Core 2 : squirrelmail-1.4.4-1.FC2 (2005-259)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple issues in squirrelmail (CVE-2005-0104) Upgrade to 1.4.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-March/000807.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fa1b10b2" ); script_set_attribute( attribute:"solution", value:"Update the affected squirrelmail package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"squirrelmail-1.4.4-1.FC2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail"); }NASL family CGI abuses NASL id SQUIRRELMAIL_144.NASL description The target is running at least one instance of SquirrelMail whose version number suggests it is affected by one or more cross-site scripting vulnerabilities : - Insufficient escaping of integer variables in webmail.php allows a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1). - Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1). - A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP last seen 2020-06-01 modified 2020-06-02 plugin id 16228 published 2005-01-24 reporter This script is Copyright (C) 2005-2018 George A. Theall source https://www.tenable.com/plugins/nessus/16228 title SquirrelMail < 1.4.4 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-39.NASL description The remote host is affected by the vulnerability described in GLSA-200501-39 (SquirrelMail: Multiple vulnerabilities) SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS. Insufficient checking of incoming URLs in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103). Insufficient escaping of integers in webmail.php (CAN-2005-0104). Impact : By sending a specially crafted URL, an attacker can execute arbitrary code from the local system with the permissions of the web server. Furthermore by enticing a user to load a specially crafted URL, it is possible to display arbitrary remote web pages in Squirrelmail last seen 2020-06-01 modified 2020-06-02 plugin id 16430 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16430 title GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL description A SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by the Common Vulnerabilities and Exposures. Cross Site Scripting Issues A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On. This issue was uncovered internally by the SquirrelMail Development team. This isssue was assigned CAN-2005-0104 by the Common Vulnerabilities and Exposures. A second issue which was resolved in the 1.4.4-rc1 release was uncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. This issue could allow a remote user to send a specially crafted header and cause execution of script (such as JavaScript) in the client browser. Local File Inclusion A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On. last seen 2020-06-01 modified 2020-06-02 plugin id 18992 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18992 title FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-135.NASL description An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting last seen 2020-06-01 modified 2020-06-02 plugin id 16370 published 2005-02-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16370 title RHEL 3 : squirrelmail (RHSA-2005:135) NASL family Fedora Local Security Checks NASL id FEDORA_2005-260.NASL description Multiple issues in squirrelmail (CVE-2005-0104) Upgrade to 1.4.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19638 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19638 title Fedora Core 3 : squirrelmail-1.4.4-1.FC3 (2005-260) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-662.NASL description Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout. For completeness below is the original advisory text : Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0104 Upstream developers noticed that an unsanitised variable could lead to cross site scripting. - CAN-2005-0152 Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail. last seen 2020-06-01 modified 2020-06-02 plugin id 16283 published 2005-02-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16283 title Debian DSA-662-2 : squirrelmail - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-099.NASL description An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting last seen 2020-06-01 modified 2020-06-02 plugin id 17185 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17185 title RHEL 4 : squirrelmail (RHSA-2005:099)
Oval
| accepted | 2013-04-29T04:06:45.403-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10568 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://marc.info/?l=bugtraq&m=110702772714662&w=2
- http://secunia.com/advisories/13962/
- http://secunia.com/advisories/14096
- http://www.debian.org/security/2005/dsa-662
- http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
- http://www.redhat.com/support/errata/RHSA-2005-099.html
- http://www.redhat.com/support/errata/RHSA-2005-135.html
- http://www.squirrelmail.org/security/issue/2005-01-20
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19036
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568