Vulnerabilities > CVE-2006-0188 - Unspecified vulnerability in Squirrelmail

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_AF9018B6A4F511DABB410011433A9404.NASL
    descriptionMultiple vulnerabilities has been discovered since 1.4.5, including IMAP injection as well as some XSS issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21495
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21495
    titleFreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21495);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
    
      script_name(english:"FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered since 1.4.5, including
    IMAP injection as well as some XSS issues."
      );
      # https://vuxml.freebsd.org/freebsd/af9018b6-a4f5-11da-bb41-0011433a9404.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?07227cd4"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"squirrelmail<1.4.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0283.NASL
    descriptionAn updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21363
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21363
    titleRHEL 3 / 4 : squirrelmail (RHSA-2006:0283)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0283. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21363);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_bugtraq_id(16756);
      script_xref(name:"RHSA", value:"2006:0283");
    
      script_name(english:"RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated squirrelmail package that fixes three security and many
    other bug issues is now available. This update contains bug fixes of
    upstream squirrelmail 1.4.6 with some additional improvements to
    international language support.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SquirrelMail is a standards-based webmail package written in PHP4.
    
    A bug was found in the way SquirrelMail presents the right frame to
    the user. If a user can be tricked into opening a carefully crafted
    URL, it is possible to present the user with arbitrary HTML data.
    (CVE-2006-0188)
    
    A bug was found in the way SquirrelMail filters incoming HTML email.
    It is possible to cause a victim's web browser to request remote
    content by opening a HTML email while running a web browser that
    processes certain types of invalid style sheets. Only Internet
    Explorer is known to process such malformed style sheets.
    (CVE-2006-0195)
    
    A bug was found in the way SquirrelMail processes a request to select
    an IMAP mailbox. If a user can be tricked into opening a carefully
    crafted URL, it is possible to execute arbitrary IMAP commands as the
    user viewing their mail with SquirrelMail. (CVE-2006-0377)
    
    Users of SquirrelMail are advised to upgrade to this updated package,
    which contains SquirrelMail version 1.4.6 and is not vulnerable to
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0283"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0283";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"squirrelmail-1.4.6-5.el3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"squirrelmail-1.4.6-5.el4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-988.NASL
    descriptionSeveral vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0188 Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. - CVE-2006-0195 Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1)
    last seen2020-06-01
    modified2020-06-02
    plugin id22854
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22854
    titleDebian DSA-988-1 : squirrelmail - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-988. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22854);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_xref(name:"DSA", value:"988");
    
      script_name(english:"Debian DSA-988-1 : squirrelmail - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Squirrelmail, a
    commonly used webmail system. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2006-0188
        Martijn Brinkers and Ben Maurer found a flaw in
        webmail.php that allows remote attackers to inject
        arbitrary web pages into the right frame via a URL in
        the right_frame parameter.
    
      - CVE-2006-0195
        Martijn Brinkers and Scott Hughes discovered an
        interpretation conflict in the MagicHTML filter that
        allows remote attackers to conduct cross-site scripting
        (XSS) attacks via style sheet specifiers with invalid
        (1) '/*' and '*/' comments, or (2) slashes inside the
        'url' keyword, which is processed by some web browsers
        including Internet Explorer.
    
      - CVE-2006-0377
        Vicente Aguilera of Internet Security Auditors, S.L.
        discovered a CRLF injection vulnerability, which allows
        remote attackers to inject arbitrary IMAP commands via
        newline characters in the mailbox parameter of the
        sqimap_mailbox_select command, aka 'IMAP injection.'
        There's no known way to exploit this yet."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-988"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the squirrelmail package.
    
    For the old stable distribution (woody) these problems have been fixed
    in version 1.2.6-5.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 2:1.4.4-8."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"squirrelmail", reference:"1.2.6-5")) flag++;
    if (deb_check(release:"3.1", prefix:"squirrelmail", reference:"2:1.4.4-8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0283.NASL
    descriptionAn updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21992
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21992
    titleCentOS 3 / 4 : squirrelmail (CESA-2006:0283)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0283 and 
    # CentOS Errata and Security Advisory 2006:0283 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21992);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_bugtraq_id(16756);
      script_xref(name:"RHSA", value:"2006:0283");
    
      script_name(english:"CentOS 3 / 4 : squirrelmail (CESA-2006:0283)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated squirrelmail package that fixes three security and many
    other bug issues is now available. This update contains bug fixes of
    upstream squirrelmail 1.4.6 with some additional improvements to
    international language support.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SquirrelMail is a standards-based webmail package written in PHP4.
    
    A bug was found in the way SquirrelMail presents the right frame to
    the user. If a user can be tricked into opening a carefully crafted
    URL, it is possible to present the user with arbitrary HTML data.
    (CVE-2006-0188)
    
    A bug was found in the way SquirrelMail filters incoming HTML email.
    It is possible to cause a victim's web browser to request remote
    content by opening a HTML email while running a web browser that
    processes certain types of invalid style sheets. Only Internet
    Explorer is known to process such malformed style sheets.
    (CVE-2006-0195)
    
    A bug was found in the way SquirrelMail processes a request to select
    an IMAP mailbox. If a user can be tricked into opening a carefully
    crafted URL, it is possible to execute arbitrary IMAP commands as the
    user viewing their mail with SquirrelMail. (CVE-2006-0377)
    
    Users of SquirrelMail are advised to upgrade to this updated package,
    which contains SquirrelMail version 1.4.6 and is not vulnerable to
    these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012862.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7685c0a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012863.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f96dca0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012865.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d93d7699"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012867.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?731c0b4d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012877.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?630f1e62"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012878.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3ffe6b73"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"squirrelmail-1.4.6-5.el3.centos.1")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"squirrelmail-1.4.6-5.el4.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-133.NASL
    descriptionUpgrade to version upstream 1.4.6 which solves these issues in addition to several bugs. http://www.squirrelmail.org/changelog.php More details here. Additionally Fedora
    last seen2020-06-01
    modified2020-06-02
    plugin id20998
    published2006-03-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20998
    titleFedora Core 4 : squirrelmail-1.4.6-1.fc4 (2006-133)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200603-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200603-09 (SquirrelMail: XSS and IMAP command injection) SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting (only Internet Explorer, CVE-2006-0195). Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection (CVE-2006-0377). Impact : By exploiting the cross-site scripting vulnerabilities, an attacker can execute arbitrary scripts running in the context of the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21047
    published2006-03-13
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21047
    titleGLSA-200603-09 : SquirrelMail: XSS and IMAP command injection
  • NASL familyCGI abuses
    NASL idSQUIRRELMAIL_146.NASL
    descriptionThe installed version of SquirrelMail fails to sanitize user-supplied input to mailbox names before passing them to an IMAP server. An unauthenticated attacker may be able to leverage this issue to launch attacks against the underlying IMAP server or against a user
    last seen2020-06-01
    modified2020-06-02
    plugin id20970
    published2006-02-22
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20970
    titleSquirrelMail < 1.4.6 Multiple Vulnerabilities

Oval

accepted2013-04-29T04:05:30.594-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionwebmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
familyunix
idoval:org.mitre.oval:def:10419
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlewebmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
version26

Redhat

advisories
rhsa
idRHSA-2006:0283
rpms
  • squirrelmail-0:1.4.6-5.el3
  • squirrelmail-0:1.4.6-5.el4