Vulnerabilities > CVE-2005-2095 - Unspecified vulnerability in Squirrelmail
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
Vulnerable Configurations
Exploit-Db
| description | SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite. CVE-2005-2095. Webapps exploit for PHP platform |
| id | EDB-ID:43830 |
| last seen | 2018-01-24 |
| modified | 2015-07-14 |
| published | 2015-07-14 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43830/ |
| title | SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite |
Nessus
NASL family CGI abuses NASL id SQUIRRELMAIL_145.NASL description According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws : - Post Variable Handling Vulnerabilities Using specially crafted POST requests, an attacker may be able to set random variables in the file last seen 2020-06-01 modified 2020-06-02 plugin id 18504 published 2005-06-16 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18504 title SquirrelMail < 1.45 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18504); script_version("1.20"); script_cve_id("CVE-2005-1769", "CVE-2005-2095"); script_bugtraq_id(13973, 14254); name["english"] = "SquirrelMail < 1.45 Multiple Vulnerabilities"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws : - Post Variable Handling Vulnerabilities Using specially crafted POST requests, an attacker may be able to set random variables in the file 'options_identities.php', which could lead to accessing other users' preferences, cross-site scripting attacks, and writing to arbitrary files. - Multiple Cross-Site Scripting Vulnerabilities Using a specially crafted URL or email message, an attacker may be able to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking SquirrelMail sessions." ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?74e2c299" ); script_set_attribute(attribute:"see_also", value:"http://www.squirrelmail.org/security/issue/2005-06-15" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/405202" ); script_set_attribute(attribute:"see_also", value:"http://www.squirrelmail.org/security/issue/2005-07-13" ); script_set_attribute(attribute:"solution", value: "Upgrade to SquirrelMail 1.45 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/16"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/15"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:squirrelmail:squirrelmail"); script_end_attributes(); summary["english"] = "Checks for multiple vulnerabilities in SquirrelMail < 1.45"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); script_dependencies("squirrelmail_detect.nasl"); script_require_keys("www/squirrelmail"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_php(port:port)) exit(0); # Test an install. install = get_kb_item(string("www/", port, "/squirrelmail")); if (isnull(install)) exit(1); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { ver = matches[1]; # There's a problem if the version is < 1.45. if (ver =~ "^1\.([0-3]\.|4\.[0-4]([^0-9]|$))") { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); } }NASL family Fedora Local Security Checks NASL id FEDORA_2005-779.NASL description It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for everyone else too. CVE-2005-1769 and CVE-2005-2095 security issues are solved in this update. Please report regressions in behavior from our previous 1.4.4 package to Red Hat Bugzilla, product Fedora Core. All other squirrelmail bugs please report upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19482 published 2005-08-23 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19482 title Fedora Core 3 : squirrelmail-1.4.6-0.cvs20050812.1.fc3 (2005-779) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-779. # include("compat.inc"); if (description) { script_id(19482); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2005-779"); script_name(english:"Fedora Core 3 : squirrelmail-1.4.6-0.cvs20050812.1.fc3 (2005-779)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for everyone else too. CVE-2005-1769 and CVE-2005-2095 security issues are solved in this update. Please report regressions in behavior from our previous 1.4.4 package to Red Hat Bugzilla, product Fedora Core. All other squirrelmail bugs please report upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-August/001279.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?827eeed5" ); script_set_attribute( attribute:"solution", value:"Update the affected squirrelmail package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squirrelmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"squirrelmail-1.4.6-0.cvs20050812.1.fc3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-595.NASL description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user last seen 2020-06-01 modified 2020-06-02 plugin id 19381 published 2005-08-04 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19381 title RHEL 3 / 4 : squirrelmail (RHSA-2005:595) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:595. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(19381); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1769", "CVE-2005-2095"); script_bugtraq_id(13973, 14254); script_xref(name:"RHSA", value:"2005:595"); script_name(english:"RHEL 3 / 4 : squirrelmail (RHSA-2005:595)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1769" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2095" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:595" ); script_set_attribute( attribute:"solution", value:"Update the affected squirrelmail package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squirrelmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/16"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:595"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"squirrelmail-1.4.3a-11.EL3")) flag++; if (rpm_check(release:"RHEL4", reference:"squirrelmail-1.4.3a-12.EL4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail"); } }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-007.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib last seen 2020-06-01 modified 2020-06-02 plugin id 19463 published 2005-08-18 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19463 title Mac OS X Multiple Vulnerabilities (Security Update 2005-007) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if(description) { script_id(19463); script_version ("1.15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-1344", "CVE-2004-0942", "CVE-2004-0885", "CVE-2004-1083", "CVE-2004-1084", "CVE-2005-2501", "CVE-2005-2502", "CVE-2005-2503", "CVE-2005-2504", "CVE-2005-2505", "CVE-2005-2506", "CVE-2005-2525", "CVE-2005-2526", "CVE-2005-2507", "CVE-2005-2508", "CVE-2005-2519", "CVE-2005-2513", "CVE-2004-1189", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1689", "CVE-2005-2511", "CVE-2005-2509", "CVE-2005-2512", "CVE-2005-2745", "CVE-2005-0709", "CVE-2005-0710", "CVE-2005-0711", "CVE-2004-0079", "CVE-2004-0112", "CVE-2005-2514", "CVE-2005-2515", "CVE-2005-2516", "CVE-2005-2517", "CVE-2005-2524", "CVE-2005-2520", "CVE-2005-2518", "CVE-2005-2510", "CVE-2005-1769", "CVE-2005-2095", "CVE-2005-2521", "CVE-2005-2522", "CVE-2005-2523", "CVE-2005-0605", "CVE-2005-2096", "CVE-2005-1849"); script_bugtraq_id(14567, 14569); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)"); script_summary(english:"Check for Security Update 2005-007"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib" ); # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74ffa359" ); script_set_attribute(attribute:"solution", value: "!Install Security Update 2005-007." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"patch_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.4.2 if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?2005-007", string:packages)) security_hole(0); }NASL family Fedora Local Security Checks NASL id FEDORA_2005-780.NASL description It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for everyone else too. CVE-2005-1769 and CVE-2005-2095 security issues are solved in this update. Please report regressions in behavior from our previous 1.4.4 package to Red Hat Bugzilla, product Fedora Core. All other squirrelmail bugs please report upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19483 published 2005-08-23 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19483 title Fedora Core 4 : squirrelmail-1.4.6-0.cvs20050812.1.fc4 (2005-780) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-595.NASL description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user last seen 2020-06-01 modified 2020-06-02 plugin id 21950 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21950 title CentOS 3 / 4 : SquirrelMail (CESA-2005:595) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7D52081F279511DABC01000E0C2E438A.NASL description A Squirrelmail Advisory reports : An extract($_POST) was done in options_identities.php which allowed for an attacker to set random variables in that file. This could lead to the reading (and possible writing) of other people last seen 2020-06-01 modified 2020-06-02 plugin id 21456 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21456 title FreeBSD : squirrelmail -- _$POST variable handling allows for various attacks (7d52081f-2795-11da-bc01-000e0c2e438a) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-756.NASL description Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1769 Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. - CAN-2005-2095 James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people last seen 2020-06-01 modified 2020-06-02 plugin id 19196 published 2005-07-14 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19196 title Debian DSA-756-1 : squirrelmail - several vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-595-02.NASL description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user last seen 2020-06-01 modified 2020-06-02 plugin id 67029 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67029 title CentOS 3 / 4 : SquirrelMail (CESA-2005:595-02)
Oval
| accepted | 2013-04-29T04:06:11.499-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10500 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- http://www.debian.org/security/2005/dsa-756
- http://www.gulftech.org/?node=research&article_id=00090-07142005
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-595.html
- http://www.securityfocus.com/archive/1/405200
- http://www.securityfocus.com/archive/1/405202
- http://www.securityfocus.com/bid/14254
- http://www.squirrelmail.org/security/issue/2005-07-13
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500