CVE-2006-0188 - Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail

CVSS 4.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: PARTIAL
  • Availability impact: NONE

Tags: network, squirrelmail, nessus

Summary

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_AF9018B6A4F511DABB410011433A9404.NASL
    description: Multiple vulnerabilities have been discovered since 1.4.5, including IMAP injection as well as some XSS issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21495
    published: 2006-05-13
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21495
    title: FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21495);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
    
      script_name(english:"FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered since 1.4.5, including
    IMAP injection as well as some XSS issues."
      );
      # https://vuxml.freebsd.org/freebsd/af9018b6-a4f5-11da-bb41-0011433a9404.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?07227cd4"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"squirrelmail<1.4.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0283.NASL
    description: An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21363
    published: 2006-05-13
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21363
    title: RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0283. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21363);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_bugtraq_id(16756);
      script_xref(name:"RHSA", value:"2006:0283");
    
      script_name(english:"RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated squirrelmail package that fixes three security and many
    other bug issues is now available. This update contains bug fixes of
    upstream squirrelmail 1.4.6 with some additional improvements to
    international language support.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SquirrelMail is a standards-based webmail package written in PHP4.
    
    A bug was found in the way SquirrelMail presents the right frame to
    the user. If a user can be tricked into opening a carefully crafted
    URL, it is possible to present the user with arbitrary HTML data.
    (CVE-2006-0188)
    
    A bug was found in the way SquirrelMail filters incoming HTML email.
    It is possible to cause a victim's web browser to request remote
    content by opening a HTML email while running a web browser that
    processes certain types of invalid style sheets. Only Internet
    Explorer is known to process such malformed style sheets.
    (CVE-2006-0195)
    
    A bug was found in the way SquirrelMail processes a request to select
    an IMAP mailbox. If a user can be tricked into opening a carefully
    crafted URL, it is possible to execute arbitrary IMAP commands as the
    user viewing their mail with SquirrelMail. (CVE-2006-0377)
    
    Users of SquirrelMail are advised to upgrade to this updated package,
    which contains SquirrelMail version 1.4.6 and is not vulnerable to
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0283"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0283";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"squirrelmail-1.4.6-5.el3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"squirrelmail-1.4.6-5.el4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-988.NASL
    description: Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0188 Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. - CVE-2006-0195 Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22854
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22854
    title: Debian DSA-988-1 : squirrelmail - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-988. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22854);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_xref(name:"DSA", value:"988");
    
      script_name(english:"Debian DSA-988-1 : squirrelmail - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Squirrelmail, a
    commonly used webmail system. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2006-0188
        Martijn Brinkers and Ben Maurer found a flaw in
        webmail.php that allows remote attackers to inject
        arbitrary web pages into the right frame via a URL in
        the right_frame parameter.
    
      - CVE-2006-0195
        Martijn Brinkers and Scott Hughes discovered an
        interpretation conflict in the MagicHTML filter that
        allows remote attackers to conduct cross-site scripting
        (XSS) attacks via style sheet specifiers with invalid
        (1) '/*' and '*/' comments, or (2) slashes inside the
        'url' keyword, which is processed by some web browsers
        including Internet Explorer.
    
      - CVE-2006-0377
        Vicente Aguilera of Internet Security Auditors, S.L.
        discovered a CRLF injection vulnerability, which allows
        remote attackers to inject arbitrary IMAP commands via
        newline characters in the mailbox parameter of the
        sqimap_mailbox_select command, aka 'IMAP injection.'
        There's no known way to exploit this yet."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-0377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-988"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the squirrelmail package.
    
    For the old stable distribution (woody) these problems have been fixed
    in version 1.2.6-5.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 2:1.4.4-8."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"squirrelmail", reference:"1.2.6-5")) flag++;
    if (deb_check(release:"3.1", prefix:"squirrelmail", reference:"2:1.4.4-8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0283.NASL
    description: An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21992
    published: 2006-07-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21992
    title: CentOS 3 / 4 : squirrelmail (CESA-2006:0283)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0283 and 
    # CentOS Errata and Security Advisory 2006:0283 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21992);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-0188", "CVE-2006-0195", "CVE-2006-0377");
      script_bugtraq_id(16756);
      script_xref(name:"RHSA", value:"2006:0283");
    
      script_name(english:"CentOS 3 / 4 : squirrelmail (CESA-2006:0283)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated squirrelmail package that fixes three security and many
    other bug issues is now available. This update contains bug fixes of
    upstream squirrelmail 1.4.6 with some additional improvements to
    international language support.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SquirrelMail is a standards-based webmail package written in PHP4.
    
    A bug was found in the way SquirrelMail presents the right frame to
    the user. If a user can be tricked into opening a carefully crafted
    URL, it is possible to present the user with arbitrary HTML data.
    (CVE-2006-0188)
    
    A bug was found in the way SquirrelMail filters incoming HTML email.
    It is possible to cause a victim's web browser to request remote
    content by opening a HTML email while running a web browser that
    processes certain types of invalid style sheets. Only Internet
    Explorer is known to process such malformed style sheets.
    (CVE-2006-0195)
    
    A bug was found in the way SquirrelMail processes a request to select
    an IMAP mailbox. If a user can be tricked into opening a carefully
    crafted URL, it is possible to execute arbitrary IMAP commands as the
    user viewing their mail with SquirrelMail. (CVE-2006-0377)
    
    Users of SquirrelMail are advised to upgrade to this updated package,
    which contains SquirrelMail version 1.4.6 and is not vulnerable to
    these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012862.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7685c0a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012863.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f96dca0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012865.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d93d7699"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012867.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?731c0b4d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012877.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?630f1e62"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-May/012878.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3ffe6b73"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squirrelmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:squirrelmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"squirrelmail-1.4.6-5.el3.centos.1")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"squirrelmail-1.4.6-5.el4.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-133.NASL
    description: Upgrade to version upstream 1.4.6 which solves these issues in addition to several bugs. http://www.squirrelmail.org/changelog.php More details here. Additionally Fedora
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20998
    published: 2006-03-06
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20998
    title: Fedora Core 4 : squirrelmail-1.4.6-1.fc4 (2006-133)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200603-09.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200603-09 (SquirrelMail: XSS and IMAP command injection) SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting (only Internet Explorer, CVE-2006-0195). Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection (CVE-2006-0377). Impact : By exploiting the cross-site scripting vulnerabilities, an attacker can execute arbitrary scripts running in the context of the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21047
    published: 2006-03-13
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21047
    title: GLSA-200603-09 : SquirrelMail: XSS and IMAP command injection
  • NASL family: CGI abuses
    NASL id: SQUIRRELMAIL_146.NASL
    description: The installed version of SquirrelMail fails to sanitize user-supplied input to mailbox names before passing them to an IMAP server. An unauthenticated attacker may be able to leverage this issue to launch attacks against the underlying IMAP server or against a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20970
    published: 2006-02-22
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20970
    title: SquirrelMail < 1.4.6 Multiple Vulnerabilities

Oval

accepted: 2013-04-29T04:05:30.594-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
family: unix
id: oval:org.mitre.oval:def:10419
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
version: 26

Redhat

advisories:
  rhsa:
    id: RHSA-2006:0283
rpms:
  • squirrelmail-0:1.4.6-5.el3
  • squirrelmail-0:1.4.6-5.el4