Vulnerabilities > CVE-2005-2724 - Unspecified vulnerability in Inter7 Sqwebmail

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
inter7
nessus

Summary

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-201-1.NASL
    descriptionSeveral Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the
    last seen2020-06-01
    modified2020-06-02
    plugin id20617
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20617
    titleUbuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-201-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20617);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-2724", "CVE-2005-2769", "CVE-2005-2820");
      script_xref(name:"USN", value:"201-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several Cross Site Scripting vulnerabilities were discovered in
    SqWebmail. A remote attacker could exploit this to execute arbitrary
    JavaScript or other active HTML embeddable content in the web browser
    of an SqWebmail user by sending specially crafted emails to him.
    
    Please note that the 'sqwebmail' package is not officially supported
    by Ubuntu (it is in the 'universe' section of the archive).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authdaemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authmysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authpostgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-faxmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-imap-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-maildrop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mlm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mta-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pop-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-webadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqwebmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"courier-authdaemon", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-authmysql", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-authpostgresql", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-base", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-doc", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-faxmail", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-imap", pkgver:"3.0.5-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-imap-ssl", pkgver:"3.0.5-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-ldap", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-maildrop", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-mlm", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-mta", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-mta-ssl", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-pcp", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-pop", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-pop-ssl", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-ssl", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"courier-webadmin", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"sqwebmail", pkgver:"0.45.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-authdaemon", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-authmysql", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-authpostgresql", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-base", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-doc", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-faxmail", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-imap", pkgver:"3.0.8-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-imap-ssl", pkgver:"3.0.8-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-ldap", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-maildrop", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mlm", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mta", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mta-ssl", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pcp", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pop", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pop-ssl", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-ssl", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-webadmin", pkgver:"0.47-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"sqwebmail", pkgver:"0.47-3ubuntu1.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "courier-authdaemon / courier-authmysql / courier-authpostgresql / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-793.NASL
    descriptionJakob Balle discovered a vulnerability in the handling of attachments in sqwebmail, a web mail application provided by the courier mail suite, which can be exploited by an attacker to conduct script insertion attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id19563
    published2005-09-06
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19563
    titleDebian DSA-793-1 : courier - missing input sanitising
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-793. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19563);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-2724", "CVE-2005-2769", "CVE-2005-2820");
      script_bugtraq_id(14676);
      script_xref(name:"DSA", value:"793");
    
      script_name(english:"Debian DSA-793-1 : courier - missing input sanitising");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jakob Balle discovered a vulnerability in the handling of attachments
    in sqwebmail, a web mail application provided by the courier mail
    suite, which can be exploited by an attacker to conduct script
    insertion attacks."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325631"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-793"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the sqwebmail package.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 0.37.3-2.6.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.47-4sarge2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:courier");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/09/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/06");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"courier-authdaemon", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-authmysql", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-base", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-debug", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-doc", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-imap", reference:"1.4.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-ldap", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-maildrop", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-mlm", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-mta", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-pcp", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-pop", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"courier-webadmin", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.0", prefix:"sqwebmail", reference:"0.37.3-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-authdaemon", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-authmysql", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-authpostgresql", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-base", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-doc", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-faxmail", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-imap", reference:"3.0.8-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-imap-ssl", reference:"3.0.8-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-ldap", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-maildrop", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mlm", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mta", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mta-ssl", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pcp", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pop", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pop-ssl", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-ssl", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-webadmin", reference:"0.47-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"sqwebmail", reference:"0.47-4sarge2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");