Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0283
HistoryMay 03, 2006 - 5:43 p.m.

squirrelmail security update

2006-05-0317:43:37
CentOS Project
lists.centos.org
56

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

CentOS Errata and Security Advisory CESA-2006:0283

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it is
possible to present the user with arbitrary HTML data. (CVE-2006-0188)

A bug was found in the way SquirrelMail filters incoming HTML email. It is
possible to cause a victim’s web browser to request remote content by
opening a HTML email while running a web browser that processes certain
types of invalid style sheets. Only Internet Explorer is known to process
such malformed style sheets. (CVE-2006-0195)

A bug was found in the way SquirrelMail processes a request to select an
IMAP mailbox. If a user can be tricked into opening a carefully crafted
URL, it is possible to execute arbitrary IMAP commands as the user viewing
their mail with SquirrelMail. (CVE-2006-0377)

Users of SquirrelMail are advised to upgrade to this updated package, which
contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-May/075024.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075025.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075027.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075029.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075033.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075035.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075036.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075039.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075040.html

Affected packages:
squirrelmail

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0283

OSVersionArchitecturePackageVersionFilename
CentOS3noarchsquirrelmail< 1.4.6-5.el3.centos.1squirrelmail-1.4.6-5.el3.centos.1.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.6-5.el3.centos.1squirrelmail-1.4.6-5.el3.centos.1.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.6-5.el4.centos4squirrelmail-1.4.6-5.el4.centos4.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.6-5.el3.centos.1squirrelmail-1.4.6-5.el3.centos.1.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.6-5.el4.centos4squirrelmail-1.4.6-5.el4.centos4.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.6-5.el4.centos4squirrelmail-1.4.6-5.el4.centos4.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.6-5.el4.centos4squirrelmail-1.4.6-5.el4.centos4.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.6-5.el3.centos.1squirrelmail-1.4.6-5.el3.centos.1.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.6-5.el3.centos.1squirrelmail-1.4.6-5.el3.centos.1.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.6-5.el4.centos4squirrelmail-1.4.6-5.el4.centos4.noarch.rpm
Rows per page:
1-10 of 111

Related

nessus 7
openvas 6
freebsd 1
redhat 1
securityvulns 2
debian 2
osv 1
gentoo 1
prion 3
ubuntucve 3
packetstorm 1
cve 3
jvn 1
nessus
nessus
Fedora Core 4 : squirrelmail-1.4.6-1.fc4 (2006-133)
2006-03-06 00:00:00
GLSA-200603-09 : SquirrelMail: XSS and IMAP command injection
2006-03-13 00:00:00
SquirrelMail < 1.4.6 Multiple Vulnerabilities
2006-02-22 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200603-09 (squirrelmail)
2008-09-24 00:00:00
FreeBSD Ports: squirrelmail
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200603-09 (squirrelmail)
2008-09-24 00:00:00
freebsd
freebsd
squirrelmail -- multiple vulnerabilities
2006-02-23 00:00:00
redhat
redhat
(RHSA-2006:0283) squirrelmail security update
2006-05-03 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities
2006-02-28 00:00:00
[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail
2006-02-28 00:00:00
debian
debian
[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities
2006-03-08 16:42:11
[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities
2006-03-08 16:42:11
osv
osv
squirrelmail - several
2006-03-08 00:00:00
gentoo
gentoo
SquirrelMail: Cross-site scripting and IMAP command injection
2006-03-12 00:00:00
prion
prion
Crlf injection
2006-02-24 00:02:00
Cross site scripting
2006-02-24 00:02:00
Cross site scripting
2006-02-24 00:02:00
ubuntucve
ubuntucve
CVE-2006-0377
2006-02-24 00:00:00
CVE-2006-0188
2006-02-24 00:00:00
CVE-2006-0195
2006-02-24 00:00:00
packetstorm
packetstorm
SquirrelFlaws.txt
2006-03-02 00:00:00
cve
cve
CVE-2006-0377
2006-02-24 00:02:00
CVE-2006-0188
2006-02-24 00:02:00
CVE-2006-0195
2006-02-24 00:02:00
jvn
jvn
JVN#83263796 SquirrelMail cross-site scripting vulnerability
2006-04-21 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON
Related for CESA-2006:0283
nessus7openvas6freebsd1redhat1securityvulns2debian2osv1gentoo1prion3ubuntucve3packetstorm1cve3jvn1