ID CVE-2006-0377 Type cve Reporter cve@mitre.org Modified 2017-10-11T01:30:00
Description
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.squirrelmail.org/\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc)\n[Secunia Advisory ID:19960](https://secuniaresearch.flexerasoftware.com/advisories/19960/)\n[Secunia Advisory ID:20210](https://secuniaresearch.flexerasoftware.com/advisories/20210/)\nRedHat RHSA: RHSA-2006:0283\nOther Advisory URL: http://www.securiteam.com/unixfocus/5PP0920I0I.html\n[CVE-2006-0377](https://vulners.com/cve/CVE-2006-0377)\n", "modified": "2006-03-07T02:10:37", "published": "2006-03-07T02:10:37", "href": "https://vulners.com/osvdb/OSVDB:23878", "id": "OSVDB:23878", "title": "SquirrelMail compose.php Subject Field Arbitrary SMTP Command Injection", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 1.4.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.squirrelmail.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml)\n[Vendor Specific Advisory URL](http://www.squirrelmail.org/security/issue/2006-02-15)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_05_sr.html)\nSecurity Tracker: 1015662\n[Secunia Advisory ID:18985](https://secuniaresearch.flexerasoftware.com/advisories/18985/)\n[Secunia Advisory ID:19130](https://secuniaresearch.flexerasoftware.com/advisories/19130/)\n[Secunia Advisory ID:19960](https://secuniaresearch.flexerasoftware.com/advisories/19960/)\n[Secunia Advisory ID:20210](https://secuniaresearch.flexerasoftware.com/advisories/20210/)\n[Secunia Advisory ID:19131](https://secuniaresearch.flexerasoftware.com/advisories/19131/)\n[Secunia Advisory ID:19176](https://secuniaresearch.flexerasoftware.com/advisories/19176/)\n[Secunia Advisory ID:19205](https://secuniaresearch.flexerasoftware.com/advisories/19205/)\n[Related OSVDB ID: 23385](https://vulners.com/osvdb/OSVDB:23385)\n[Related OSVDB ID: 23384](https://vulners.com/osvdb/OSVDB:23384)\nRedHat RHSA: RHSA-2006:0283\nOther Advisory URL: http://www.debian.org/security/2006/dsa-988\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0513.html\n[CVE-2006-0377](https://vulners.com/cve/CVE-2006-0377)\n", "modified": "2006-02-15T06:20:53", "published": "2006-02-15T06:20:53", "href": "https://vulners.com/osvdb/OSVDB:23386", "id": "OSVDB:23386", "title": "SquirrelMail sqimap_mailbox_select mailbox Parameter Arbitrary IMAP Command Injection", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:16", "bulletinFamily": "software", "description": "=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2006-002\r\n- Original release date: February 27, 2006\r\n- Last revised: February 27, 2006\r\n- Discovered by: Vicente Aguilera Diaz\r\n- Severity: 3/5\r\n=============================================\r\nI. VULNERABILITY\r\n-------------------------\r\nIMAP/SMTP Injection in SquirrelMail\r\n\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nSquirrelMail is a standards-based webmail package written in PHP4. It\r\nincludes built-in pure PHP support for the IMAP and SMTP protocols,\r\nand all pages render in pure HTML 4.0 (with no JavaScript required)\r\nfor maximum compatibility across browsers. It has very few\r\nrequirements and is very easy to configure and install. SquirrelMail\r\nhas all the functionality you would want from an email client,\r\nincluding strong MIME support, address books, and folder manipulation.\r\nThe product homepage is http://www.squirrelmail.org.\r\n\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nSquirrelMail provides a graphical interface to interact with mail\r\nservers across the IMAP and SMTP protocols.\r\nImproper command and information validation transmitted by\r\nSquirrelMail to the mail servers during the normal use of this\r\napplication (mailbox management, e-mail reading and sending, etc.)\r\nfacilitates that an authenticate malicious user could inject arbitrary\r\nIMAP/SMTP commands into the mail servers used by SquirrelMail across\r\nparameters used by the webmail front-ent in its communication with\r\nthese mail servers.\r\nThis is become dangerous because the injection of these commands\r\nallows an intruder to evade restrictions imposed at application level,\r\nand exploit vulnerabilities that could exist in the mail servers\r\nthrough IMAP/SMTP commands.\r\n\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\n\r\n== IMAP example (1.4.2 version) =============\r\nSquirrelMail Vulnerable parameter: "mailbox"\r\n\r\nWhen a user clicks in the subject of an e-mail, he creates a GET\r\nrequest as:\r\nhttp://<victim>/src/read_body.php?mailbox=INBOX&passed_id=1&startMessage=1&show_more=0\r\n\r\nA malicious user can modify the value of the "mailbox" parameter and\r\ninject any IMAP command.\r\nThe IMAP command injection has the following structure:\r\nhttp://<victim>/src/read_body.php?mailbox=INBOX%22%0D%0<ID>\r\n<INJECT_IMAP_COMMAND_HERE>%0D%0A<ID>\r\n%20SELECT%20%22INBOX&passed_id=<CODE>&startMessage=1\r\n\r\nExample:\r\nInjection of the RENAME IMAP command across the "mailbox" parameter:\r\nhttp://<victim>/src/read_body.php?mailbox=INBOX%22%0D%0AZ900%20RENAME%20Trash%20Basura%0d%0aZ910%20SELECT%20%22INBOX&passed_id=22197&startMessage=1\r\n\r\n\r\n\r\n== SMTP example (1.2.7 version) =============\r\nSquirrelMail Vulnerable parameter: "subject" (and possibly others)\r\n\r\nWhen a user send a message, he create a POST request like:\r\nPOST http://<victim>/src/compose.php HTTP/1.1\r\n\r\n...\r\n-----------------------------84060780712450133071594948441\r\nContent-Disposition: form-data; name="subject"\r\n\r\nProof of Concept\r\n-----------------------------84060780712450133071594948441\r\n...\r\n\r\nA malicious user can modify the value of the "subject" parameter and\r\ninject any SMTP command.\r\nExample: Relay from a non-existent e-mail address\r\n\r\n...\r\n-----------------------------84060780712450133071594948441\r\nContent-Disposition: form-data; name="subject"\r\n\r\nProof of Concept%0d%0a.%0d%0a%0d%0amail from:\r\nhacker@domain.com%0d%0arcpt to:\r\nvictim@otherdomain.com%0d%0adata%0d%0aThis is a proof of concept of\r\nthe SMTP command injection in SquirrelMail%0d%0a.%0d%0a\r\n-----------------------------84060780712450133071594948441\r\n...\r\n\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nThe IMAP/SMTP command injection allow relay, SPAM, exploit IMAP and\r\nSMTP vulnerabilities in the mail servers and evade all the\r\nrestrictions at the application layer.\r\n\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nIMAP Injection: All versions prior to 1.4.6.\r\nSMTP Injection: SquirrelMail 1.2.7 (and older versions).\r\n\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nReplace \r and \n from $mailbox in the function sqimap_mailbox_select.\r\nPatch available: http://www.squirrelmail.org/security/issue/2006-02-15\r\n\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\n- http://www.squirrelmail.org/security/issue/2006-02-15\r\n- CVE-2006-0377\r\n\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered and reported by Vicente\r\nAguilera Diaz (vaguilera=at=isecauditors=dot=com).\r\n\r\n\r\nX. REVISION HISTORY\r\n-------------------------\r\nJanuary 12, 2006: Initial release\r\nJanuary 20, 2006: Disclosure timeline updated\r\nFebruary 16, 2006: Disclosure timeline updated\r\nFebruary 27, 2006: Disclosure timeline updated\r\n\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nDecember, 2005 Vulnerability acquired by Vicente Aguilera Diaz\r\n (Internet Security Auditors)\r\nJanuary 12, 2006 Initial vendor notification sent.\r\nJanuary 19, 2006 The vulnerability is fixed in 1.4.6 cvs and\r\n 1.5.1 cvs.\r\nFebruary 15, 2006 The vendor published the vulnerability in the\r\n security section.\r\nFebruary 25, 2006 The CVE-2006-0377 is updated.\r\n\r\n", "modified": "2006-02-28T00:00:00", "published": "2006-02-28T00:00:00", "id": "SECURITYVULNS:DOC:11615", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11615", "title": "[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:16", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:049\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : squirrelmail\r\n Date : February 27, 2006\r\n Affected: Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to\r\n inject arbitrary web pages into the right frame via a URL in the\r\n right_frame parameter. NOTE: this has been called a cross-site\r\n scripting (XSS) issue, but it is different than what is normally\r\n identified as XSS. (CVE-2006-0188)\r\n \r\n Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0\r\n to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS)\r\n attacks via style sheet specifiers with invalid (1) "/*" and "*/"\r\n comments, or (2) a newline in a "url" specifier, which is processed by\r\n certain web browsers including Internet Explorer. (CVE-2006-0195)\r\n \r\n CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows\r\n remote attackers to inject arbitrary IMAP commands via newline\r\n characters in the mailbox parameter of the sqimap_mailbox_select\r\n command, aka "IMAP injection." (CVE-2006-0377)\r\n \r\n Updated packages are patched to address these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Corporate 3.0:\r\n a8a4f0d87a51ad6507b022d0969090b7 corporate/3.0/RPMS/squirrelmail-1.4.5-1.2.C30mdk.noarch.rpm\r\n 4c2c56ffffe0613d8357dc3f3b83558b corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.2.C30mdk.noarch.rpm\r\n ffab86ae7438d6f23bd934d17d38c41f corporate/3.0/SRPMS/squirrelmail-1.4.5-1.2.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n ef2a5ee98b793f81be3e87ec8efb1f30 x86_64/corporate/3.0/RPMS/squirrelmail-1.4.5-1.2.C30mdk.noarch.rpm\r\n cf91cf6ca3f2bd737b475a1037a521ef x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.2.C30mdk.noarch.rpm\r\n ffab86ae7438d6f23bd934d17d38c41f x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.2.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFEA0LTmqjQ0CJFipgRAmGgAJ4/BeMMAakb4zJAHt6zLCEPjoLB3wCgrJat\r\npg2vNmVWuwhpB94hv6hQPwA=\r\n=qBAi\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2006-02-28T00:00:00", "published": "2006-02-28T00:00:00", "id": "SECURITYVULNS:DOC:11613", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11613", "title": "[ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:17:56", "bulletinFamily": "exploit", "description": "", "modified": "2006-03-02T00:00:00", "published": "2006-03-02T00:00:00", "href": "https://packetstormsecurity.com/files/44274/SquirrelFlaws.txt.html", "id": "PACKETSTORM:44274", "type": "packetstorm", "title": "SquirrelFlaws.txt", "sourceData": "`============================================= \nINTERNET SECURITY AUDITORS ALERT 2006-002 \n- Original release date: February 27, 2006 \n- Last revised: February 27, 2006 \n- Discovered by: Vicente Aguilera Diaz \n- Severity: 3/5 \n============================================= \nI. VULNERABILITY \n------------------------- \nIMAP/SMTP Injection in SquirrelMail \n \n \nII. BACKGROUND \n------------------------- \nSquirrelMail is a standards-based webmail package written in PHP4. It \nincludes built-in pure PHP support for the IMAP and SMTP protocols, \nand all pages render in pure HTML 4.0 (with no JavaScript required) \nfor maximum compatibility across browsers. It has very few \nrequirements and is very easy to configure and install. SquirrelMail \nhas all the functionality you would want from an email client, \nincluding strong MIME support, address books, and folder manipulation. \nThe product homepage is http://www.squirrelmail.org. \n \n \nIII. DESCRIPTION \n------------------------- \nSquirrelMail provides a graphical interface to interact with mail \nservers across the IMAP and SMTP protocols. \nImproper command and information validation transmitted by \nSquirrelMail to the mail servers during the normal use of this \napplication (mailbox management, e-mail reading and sending, etc.) \nfacilitates that an authenticate malicious user could inject arbitrary \nIMAP/SMTP commands into the mail servers used by SquirrelMail across \nparameters used by the webmail front-ent in its communication with \nthese mail servers. \nThis is become dangerous because the injection of these commands \nallows an intruder to evade restrictions imposed at application level, \nand exploit vulnerabilities that could exist in the mail servers \nthrough IMAP/SMTP commands. \n \n \nIV. PROOF OF CONCEPT \n------------------------- \n \n== IMAP example (1.4.2 version) ============= \nSquirrelMail Vulnerable parameter: \"mailbox\" \n \nWhen a user clicks in the subject of an e-mail, he creates a GET \nrequest as: \nhttp://<victim>/src/read_body.php?mailbox=INBOX&passed_id=1&startMessage=1&show_more=0 \n \nA malicious user can modify the value of the \"mailbox\" parameter and \ninject any IMAP command. \nThe IMAP command injection has the following structure: \nhttp://<victim>/src/read_body.php?mailbox=INBOX%22%0D%0<ID> \n<INJECT_IMAP_COMMAND_HERE>%0D%0A<ID> \n%20SELECT%20%22INBOX&passed_id=<CODE>&startMessage=1 \n \nExample: \nInjection of the RENAME IMAP command across the \"mailbox\" parameter: \nhttp://<victim>/src/read_body.php?mailbox=INBOX%22%0D%0AZ900%20RENAME%20Trash%20Basura%0d%0aZ910%20SELECT%20%22INBOX&passed_id=22197&startMessage=1 \n \n \n \n== SMTP example (1.2.7 version) ============= \nSquirrelMail Vulnerable parameter: \"subject\" (and possibly others) \n \nWhen a user send a message, he create a POST request like: \nPOST http://<victim>/src/compose.php HTTP/1.1 \n \n... \n-----------------------------84060780712450133071594948441 \nContent-Disposition: form-data; name=\"subject\" \n \nProof of Concept \n-----------------------------84060780712450133071594948441 \n... \n \nA malicious user can modify the value of the \"subject\" parameter and \ninject any SMTP command. \nExample: Relay from a non-existent e-mail address \n \n... \n-----------------------------84060780712450133071594948441 \nContent-Disposition: form-data; name=\"subject\" \n \nProof of Concept%0d%0a.%0d%0a%0d%0amail from: \nhacker@domain.com%0d%0arcpt to: \nvictim@otherdomain.com%0d%0adata%0d%0aThis is a proof of concept of \nthe SMTP command injection in SquirrelMail%0d%0a.%0d%0a \n-----------------------------84060780712450133071594948441 \n... \n \n \nV. BUSINESS IMPACT \n------------------------- \nThe IMAP/SMTP command injection allow relay, SPAM, exploit IMAP and \nSMTP vulnerabilities in the mail servers and evade all the \nrestrictions at the application layer. \n \n \nVI. SYSTEMS AFFECTED \n------------------------- \nIMAP Injection: All versions prior to 1.4.6. \nSMTP Injection: SquirrelMail 1.2.7 (and older versions). \n \n \nVII. SOLUTION \n------------------------- \nReplace \\r and \\n from $mailbox in the function sqimap_mailbox_select. \nPatch available: http://www.squirrelmail.org/security/issue/2006-02-15 \n \n \nVIII. REFERENCES \n------------------------- \n- http://www.squirrelmail.org/security/issue/2006-02-15 \n- CVE-2006-0377 \n \n \nIX. CREDITS \n------------------------- \nThis vulnerability has been discovered and reported by Vicente \nAguilera Diaz (vaguilera=at=isecauditors=dot=com). \n \n \nX. REVISION HISTORY \n------------------------- \nJanuary 12, 2006: Initial release \nJanuary 20, 2006: Disclosure timeline updated \nFebruary 16, 2006: Disclosure timeline updated \nFebruary 27, 2006: Disclosure timeline updated \n \n \nXI. DISCLOSURE TIMELINE \n------------------------- \nDecember, 2005 Vulnerability acquired by Vicente Aguilera Diaz \n(Internet Security Auditors) \nJanuary 12, 2006 Initial vendor notification sent. \nJanuary 19, 2006 The vulnerability is fixed in 1.4.6 cvs and \n1.5.1 cvs. \nFebruary 15, 2006 The vendor published the vulnerability in the \nsecurity section. \nFebruary 25, 2006 The CVE-2006-0377 is updated. \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/44274/SquirrelFlaws.txt"}], "nessus": [{"lastseen": "2019-02-21T01:09:07", "bulletinFamily": "scanner", "description": "An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nA bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data.\n(CVE-2006-0188)\n\nA bug was found in the way SquirrelMail filters incoming HTML email.\nIt is possible to cause a victim's web browser to request remote content by opening a HTML email while running a web browser that processes certain types of invalid style sheets. Only Internet Explorer is known to process such malformed style sheets.\n(CVE-2006-0195)\n\nA bug was found in the way SquirrelMail processes a request to select an IMAP mailbox. If a user can be tricked into opening a carefully crafted URL, it is possible to execute arbitrary IMAP commands as the user viewing their mail with SquirrelMail. (CVE-2006-0377)\n\nUsers of SquirrelMail are advised to upgrade to this updated package, which contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2006-0283.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21363", "published": "2006-05-13T00:00:00", "title": "RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0283. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21363);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:25\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_bugtraq_id(16756);\n script_xref(name:\"RHSA\", value:\"2006:0283\");\n\n script_name(english:\"RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated squirrelmail package that fixes three security and many\nother bug issues is now available. This update contains bug fixes of\nupstream squirrelmail 1.4.6 with some additional improvements to\ninternational language support.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nA bug was found in the way SquirrelMail presents the right frame to\nthe user. If a user can be tricked into opening a carefully crafted\nURL, it is possible to present the user with arbitrary HTML data.\n(CVE-2006-0188)\n\nA bug was found in the way SquirrelMail filters incoming HTML email.\nIt is possible to cause a victim's web browser to request remote\ncontent by opening a HTML email while running a web browser that\nprocesses certain types of invalid style sheets. Only Internet\nExplorer is known to process such malformed style sheets.\n(CVE-2006-0195)\n\nA bug was found in the way SquirrelMail processes a request to select\nan IMAP mailbox. If a user can be tricked into opening a carefully\ncrafted URL, it is possible to execute arbitrary IMAP commands as the\nuser viewing their mail with SquirrelMail. (CVE-2006-0377)\n\nUsers of SquirrelMail are advised to upgrade to this updated package,\nwhich contains SquirrelMail version 1.4.6 and is not vulnerable to\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0283\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0283\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"squirrelmail-1.4.6-5.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"squirrelmail-1.4.6-5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:32", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-0188 Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.\n\n - CVE-2006-0195 Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) '/*' and '*/' comments, or (2) slashes inside the 'url' keyword, which is processed by some web browsers including Internet Explorer.\n\n - CVE-2006-0377 Vicente Aguilera of Internet Security Auditors, S.L.\n discovered a CRLF injection vulnerability, which allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka 'IMAP injection.' There's no known way to exploit this yet.", "modified": "2018-08-10T00:00:00", "id": "DEBIAN_DSA-988.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22854", "published": "2006-10-14T00:00:00", "title": "Debian DSA-988-1 : squirrelmail - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-988. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22854);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_xref(name:\"DSA\", value:\"988\");\n\n script_name(english:\"Debian DSA-988-1 : squirrelmail - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2006-0188\n Martijn Brinkers and Ben Maurer found a flaw in\n webmail.php that allows remote attackers to inject\n arbitrary web pages into the right frame via a URL in\n the right_frame parameter.\n\n - CVE-2006-0195\n Martijn Brinkers and Scott Hughes discovered an\n interpretation conflict in the MagicHTML filter that\n allows remote attackers to conduct cross-site scripting\n (XSS) attacks via style sheet specifiers with invalid\n (1) '/*' and '*/' comments, or (2) slashes inside the\n 'url' keyword, which is processed by some web browsers\n including Internet Explorer.\n\n - CVE-2006-0377\n Vicente Aguilera of Internet Security Auditors, S.L.\n discovered a CRLF injection vulnerability, which allows\n remote attackers to inject arbitrary IMAP commands via\n newline characters in the mailbox parameter of the\n sqimap_mailbox_select command, aka 'IMAP injection.'\n There's no known way to exploit this yet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-988\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the squirrelmail package.\n\nFor the old stable distribution (woody) these problems have been fixed\nin version 1.2.6-5.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2:1.4.4-8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"squirrelmail\", reference:\"1.2.6-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"squirrelmail\", reference:\"2:1.4.4-8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:02", "bulletinFamily": "scanner", "description": "Upgrade to version upstream 1.4.6 which solves these issues in addition to several bugs.\n\nhttp://www.squirrelmail.org/changelog.php More details here.\n\nAdditionally Fedora's package contains fixes that may improve usability of squirrelmail in various non-English languages. Please report to Bug #162852 if this update causes any regressions in non-English language behavior.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-19T00:00:00", "id": "FEDORA_2006-133.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20998", "published": "2006-03-06T00:00:00", "title": "Fedora Core 4 : squirrelmail-1.4.6-1.fc4 (2006-133)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-133.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20998);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 23:19:05\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_xref(name:\"FEDORA\", value:\"2006-133\");\n\n script_name(english:\"Fedora Core 4 : squirrelmail-1.4.6-1.fc4 (2006-133)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to version upstream 1.4.6 which solves these issues in\naddition to several bugs.\n\nhttp://www.squirrelmail.org/changelog.php More details here.\n\nAdditionally Fedora's package contains fixes that may improve\nusability of squirrelmail in various non-English languages. Please\nreport to Bug #162852 if this update causes any regressions in\nnon-English language behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/changelog.php\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-March/001850.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?277e738f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"squirrelmail-1.4.6-1.fc4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:16", "bulletinFamily": "scanner", "description": "An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nA bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data.\n(CVE-2006-0188)\n\nA bug was found in the way SquirrelMail filters incoming HTML email.\nIt is possible to cause a victim's web browser to request remote content by opening a HTML email while running a web browser that processes certain types of invalid style sheets. Only Internet Explorer is known to process such malformed style sheets.\n(CVE-2006-0195)\n\nA bug was found in the way SquirrelMail processes a request to select an IMAP mailbox. If a user can be tricked into opening a carefully crafted URL, it is possible to execute arbitrary IMAP commands as the user viewing their mail with SquirrelMail. (CVE-2006-0377)\n\nUsers of SquirrelMail are advised to upgrade to this updated package, which contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2006-0283.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21992", "published": "2006-07-05T00:00:00", "title": "CentOS 3 / 4 : squirrelmail (CESA-2006:0283)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0283 and \n# CentOS Errata and Security Advisory 2006:0283 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21992);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:27\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_bugtraq_id(16756);\n script_xref(name:\"RHSA\", value:\"2006:0283\");\n\n script_name(english:\"CentOS 3 / 4 : squirrelmail (CESA-2006:0283)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated squirrelmail package that fixes three security and many\nother bug issues is now available. This update contains bug fixes of\nupstream squirrelmail 1.4.6 with some additional improvements to\ninternational language support.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nA bug was found in the way SquirrelMail presents the right frame to\nthe user. If a user can be tricked into opening a carefully crafted\nURL, it is possible to present the user with arbitrary HTML data.\n(CVE-2006-0188)\n\nA bug was found in the way SquirrelMail filters incoming HTML email.\nIt is possible to cause a victim's web browser to request remote\ncontent by opening a HTML email while running a web browser that\nprocesses certain types of invalid style sheets. Only Internet\nExplorer is known to process such malformed style sheets.\n(CVE-2006-0195)\n\nA bug was found in the way SquirrelMail processes a request to select\nan IMAP mailbox. If a user can be tricked into opening a carefully\ncrafted URL, it is possible to execute arbitrary IMAP commands as the\nuser viewing their mail with SquirrelMail. (CVE-2006-0377)\n\nUsers of SquirrelMail are advised to upgrade to this updated package,\nwhich contains SquirrelMail version 1.4.6 and is not vulnerable to\nthese issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012862.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7685c0a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f96dca0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d93d7699\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012867.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?731c0b4d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?630f1e62\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ffe6b73\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"squirrelmail-1.4.6-5.el3.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"squirrelmail-1.4.6-5.el4.centos4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:02", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200603-09 (SquirrelMail: XSS and IMAP command injection)\n\n SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting (only Internet Explorer, CVE-2006-0195). Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection (CVE-2006-0377).\n Impact :\n\n By exploiting the cross-site scripting vulnerabilities, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc. A remote attacker could exploit the IMAP command injection to execute arbitrary IMAP commands on the configured IMAP server.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "id": "GENTOO_GLSA-200603-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21047", "published": "2006-03-13T00:00:00", "title": "GLSA-200603-09 : SquirrelMail: XSS and IMAP command injection", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200603-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21047);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_xref(name:\"GLSA\", value:\"200603-09\");\n\n script_name(english:\"GLSA-200603-09 : SquirrelMail: XSS and IMAP command injection\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200603-09\n(SquirrelMail: XSS and IMAP command injection)\n\n SquirrelMail does not validate the right_frame parameter in\n webmail.php, possibly allowing frame replacement or cross-site\n scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered\n that MagicHTML fails to handle certain input correctly, potentially\n leading to cross-site scripting (only Internet Explorer,\n CVE-2006-0195). Vicente Aguilera reported that the\n sqimap_mailbox_select function did not strip newlines from the mailbox\n or subject parameter, possibly allowing IMAP command injection\n (CVE-2006-0377).\n \nImpact :\n\n By exploiting the cross-site scripting vulnerabilities, an\n attacker can execute arbitrary scripts running in the context of the\n victim's browser. This could lead to a compromise of the user's webmail\n account, cookie theft, etc. A remote attacker could exploit the IMAP\n command injection to execute arbitrary IMAP commands on the configured\n IMAP server.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200603-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All SquirrelMail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.6'\n Note: Users with the vhosts USE flag set should manually use\n webapp-config to finalize the update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/squirrelmail\", unaffected:make_list(\"ge 1.4.6\"), vulnerable:make_list(\"lt 1.4.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SquirrelMail\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:01", "bulletinFamily": "scanner", "description": "The installed version of SquirrelMail fails to sanitize user-supplied input to mailbox names before passing them to an IMAP server. An unauthenticated attacker may be able to leverage this issue to launch attacks against the underlying IMAP server or against a user's mailboxes by tricking him into clicking on a specially-formatted link in an email message. \n\nThere are also reportedly several possible cross-site scripting flaws that could be exploited to inject arbitrary HTML and script code into a user's browser.", "modified": "2018-07-30T00:00:00", "id": "SQUIRRELMAIL_146.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20970", "published": "2006-02-22T00:00:00", "title": "SquirrelMail < 1.4.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(20970);\n script_version(\"1.21\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_bugtraq_id(16756);\n\n script_name(english:\"SquirrelMail < 1.4.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for IMAP command injection in SquirrelMail\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote webmail application is affected by multiple issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SquirrelMail fails to sanitize user-supplied\ninput to mailbox names before passing them to an IMAP server. An\nunauthenticated attacker may be able to leverage this issue to launch\nattacks against the underlying IMAP server or against a user's\nmailboxes by tricking him into clicking on a specially-formatted link\nin an email message. \n\nThere are also reportedly several possible cross-site scripting flaws\nthat could be exploited to inject arbitrary HTML and script code\ninto a user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squirrelmail.org/security/issue/2006-02-01\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squirrelmail.org/security/issue/2006-02-10\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.squirrelmail.org/security/issue/2006-02-15\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SquirrelMail 1.4.6 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/22\");\n script_cvs_date(\"Date: 2018/07/30 15:31:31\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:squirrelmail:squirrelmail\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\nscript_end_attributes();\n\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"squirrelmail_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"imap/login\", \"imap/password\", \"www/squirrelmail\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\n# nb: the vulnerabilities can't be exploited without being authenticated.\nuser = get_kb_item(\"imap/login\");\npass = get_kb_item(\"imap/password\");\nif (!user || !pass) exit(0);\n\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/squirrelmail\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n dir = matches[2];\n init_cookiejar();\n # Try to login.\n r = http_send_recv3(method: \"GET\", item:string(dir, \"/src/login.php\"), port:port);\n if (isnull(r)) exit(0);\n\n # - first grab the session cookie.\n sid = get_http_cookie(name: \"SQMSESSID\");\n if (isnull(sid)) {\n debug_print(\"can't get session cookie!\");\n exit(1);\n }\n # - now send the username / password.\n postdata = string(\n \"login_username=\", user, \"&\",\n \"secretkey=\", pass, \"&\",\n \"js_autodetect_results=0&\",\n \"just_logged_in=1\"\n );\n r = http_send_recv3(method: \"POST\", item: strcat(dir, \"/src/redirect.php\"), \n port: port, data: postdata,\n add_headers: make_array(\"Content-Type\", \"application/x-www-form-urlencoded\"));\n if (isnull(r)) exit(0);\n if (get_http_cookie(name: \"SQMSESSID\") == \"deleted\") {\n debug_print(\"user/password incorrect!\");\n exit(1);\n }\n\n # - and get the secret key.\n key = get_http_cookie(name: \"key\");\n if (isnull(key)) {\n debug_print(\"can't get secret key!\");\n exit(1);\n }\n\n # Finally, try to exploit the IMAP injection flaw.\n r = http_send_recv3(method: \"GET\", \n item:string(\n dir, \"/src/right_main.php?\",\n \"PG_SHOWALL=0&\",\n \"sort=0&\",\n \"startMessage=1&\",\n # nb: this is just a corrupted mailbox name, but since the fix\n # strips out CR/LFs, this will suffice as a check.\n \"mailbox=INBOX\\\\r\\\\n\", SCRIPT_NAME\n ), \n port:port\n );\n # There's a problem if we see an error with the corrupted mailbox name.\n if (string(\"SELECT "INBOX\\\\r\\\\n\", SCRIPT_NAME) >< r[2]) {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n\n # Be nice and sign out.\n r = http_send_recv3(method: \"GET\", item:string(dir, \"/src/signout.php\"), port:port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:09", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered since 1.4.5, including IMAP injection as well as some XSS issues.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_AF9018B6A4F511DABB410011433A9404.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21495", "published": "2006-05-13T00:00:00", "title": "FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21495);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n\n script_name(english:\"FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered since 1.4.5, including\nIMAP injection as well as some XSS issues.\"\n );\n # https://vuxml.freebsd.org/freebsd/af9018b6-a4f5-11da-bb41-0011433a9404.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07227cd4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"squirrelmail<1.4.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0283\n\n\nSquirrelMail is a standards-based webmail package written in PHP4.\r\n\r\nA bug was found in the way SquirrelMail presents the right frame to the\r\nuser. If a user can be tricked into opening a carefully crafted URL, it is\r\npossible to present the user with arbitrary HTML data. (CVE-2006-0188)\r\n\r\nA bug was found in the way SquirrelMail filters incoming HTML email. It is\r\npossible to cause a victim's web browser to request remote content by\r\nopening a HTML email while running a web browser that processes certain\r\ntypes of invalid style sheets. Only Internet Explorer is known to process\r\nsuch malformed style sheets. (CVE-2006-0195)\r\n\r\nA bug was found in the way SquirrelMail processes a request to select an\r\nIMAP mailbox. If a user can be tricked into opening a carefully crafted\r\nURL, it is possible to execute arbitrary IMAP commands as the user viewing\r\ntheir mail with SquirrelMail. (CVE-2006-0377)\r\n\r\nUsers of SquirrelMail are advised to upgrade to this updated package, which\r\ncontains SquirrelMail version 1.4.6 and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012862.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012863.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012865.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012867.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012871.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012873.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012874.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012877.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012878.html\n\n**Affected packages:**\nsquirrelmail\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0283.html", "modified": "2006-05-03T20:49:35", "published": "2006-05-03T17:43:37", "href": "http://lists.centos.org/pipermail/centos-announce/2006-May/012862.html", "id": "CESA-2006:0283", "title": "squirrelmail security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:49:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 988-1.\n\nSeveral vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2006-0188\n\nMartijn Brinkers and Ben Maurer found a flaw in webmail.php that\nallows remote attackers to inject arbitrary web pages into the right\nframe via a URL in the right_frame parameter.\n\nCVE-2006-0195\n\nMartijn Brinkers and Scott Hughes discovered an interpretation\nconflict in the MagicHTML filter that allows remote attackers to\nconduct cross-site scripting (XSS) attacks via style sheet\nspecifiers with invalid (1) /* and */ comments, or (2) slashes\ninside the url keyword, which is processed by some web browsers\nincluding Internet Explorer.\n\nCVE-2006-0377\n\nVicente Aguilera of Internet Security Auditors, S.L. discovered a\nCRLF injection vulnerability, which allows remote attackers to\ninject arbitrary IMAP commands via newline characters in the mailbox\nparameter of the sqimap_mailbox_select command, aka IMAP\ninjection. There's no known way to exploit this yet.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.2.6-5.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56394", "id": "OPENVAS:56394", "title": "Debian Security Advisory DSA 988-1 (squirrelmail)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_988_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 988-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 2:1.4.4-8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2:1.4.6-1.\n\nWe recommend that you upgrade your squirrelmail package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20988-1\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 988-1.\n\nSeveral vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2006-0188\n\nMartijn Brinkers and Ben Maurer found a flaw in webmail.php that\nallows remote attackers to inject arbitrary web pages into the right\nframe via a URL in the right_frame parameter.\n\nCVE-2006-0195\n\nMartijn Brinkers and Scott Hughes discovered an interpretation\nconflict in the MagicHTML filter that allows remote attackers to\nconduct cross-site scripting (XSS) attacks via style sheet\nspecifiers with invalid (1) /* and */ comments, or (2) slashes\ninside the url keyword, which is processed by some web browsers\nincluding Internet Explorer.\n\nCVE-2006-0377\n\nVicente Aguilera of Internet Security Auditors, S.L. discovered a\nCRLF injection vulnerability, which allows remote attackers to\ninject arbitrary IMAP commands via newline characters in the mailbox\nparameter of the sqimap_mailbox_select command, aka IMAP\ninjection. There's no known way to exploit this yet.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.2.6-5.\";\n\n\nif(description)\n{\n script_id(56394);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0377\", \"CVE-2006-0195\", \"CVE-2006-0188\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 988-1 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.2.6-5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.4-8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-09.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56417", "id": "OPENVAS:56417", "title": "Gentoo Security Advisory GLSA 200603-09 (squirrelmail)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is vulnerable to several cross-site scripting vulnerabilities\nand IMAP command injection.\";\ntag_solution = \"All SquirrelMail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.6'\n\nNote: Users with the vhosts USE flag set should manually use webapp-config\nto finalize the update.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=123781\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200603-09.\";\n\n \n\nif(description)\n{\n script_id(56417);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-0188\", \"CVE-2006-0195\", \"CVE-2006-0377\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200603-09 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"mail-client/squirrelmail\", unaffected: make_list(\"ge 1.4.6\"), vulnerable: make_list(\"lt 1.4.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56314", "id": "OPENVAS:56314", "title": "FreeBSD Ports: squirrelmail", "type": "openvas", "sourceData": "#\n#VID af9018b6-a4f5-11da-bb41-0011433a9404\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: squirrelmail\n\nCVE-2006-0377\nCRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows\nremote attackers to inject arbitrary IMAP commands via newline\ncharacters in the mailbox parameter of the sqimap_mailbox_select\ncommand, aka 'IMAP injection.'\n\nCVE-2006-0195\nInterpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0\nto 1.4.5 allows remote attackers to conduct cross-site scripting (XSS)\nattacks via style sheet specifiers with invalid (1) '/*' and '*/'\ncomments, or (2) a newline in a 'url' specifier, which is processed by\ncertain web browsers including Internet Explorer.\n\nCVE-2006-0188\nwebmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to\ninject arbitrary web pages into the right frame via a URL in the\nright_frame parameter. NOTE: this has been called a cross-site\nscripting (XSS) issue, but it is different than what is normally\nidentified as XSS.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(56314);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-0377\", \"CVE-2006-0195\", \"CVE-2006-0188\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: squirrelmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"squirrelmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.6\")<0) {\n txt += 'Package squirrelmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:21", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 988-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 8th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squirrelmail\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-0377 CVE-2006-0195 CVE-2006-0188\nDebian Bug : 354062 354063 354064 355424\n\nSeveral vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2006-0188\n\n Martijn Brinkers and Ben Maurer found a flaw in webmail.php that\n allows remote attackers to inject arbitrary web pages into the right\n frame via a URL in the right_frame parameter.\n\nCVE-2006-0195\n\n Martijn Brinkers and Scott Hughes discovered an interpretation\n conflict in the MagicHTML filter that allows remote attackers to\n conduct cross-site scripting (XSS) attacks via style sheet\n specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes\n inside the "url" keyword, which is processed by some web browsers\n including Internet Explorer.\n\nCVE-2006-0377\n\n Vicente Aguilera of Internet Security Auditors, S.L. discovered a\n CRLF injection vulnerability, which allows remote attackers to\n inject arbitrary IMAP commands via newline characters in the mailbox\n parameter of the sqimap_mailbox_select command, aka "IMAP\n injection." There's no known way to exploit this yet.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.2.6-5.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2:1.4.4-8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2:1.4.6-1.\n\nWe recommend that you upgrade your squirrelmail package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.dsc\n Size/MD5 checksum: 582 07fe8ca983ec4bf8a3355a91c79c9d78\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz\n Size/MD5 checksum: 24884 a65726611c8f71274582b353e309a9a1\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz\n Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5_all.deb\n Size/MD5 checksum: 1841716 1d246bc2ffe2323e2503202bfc147d9c\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc\n Size/MD5 checksum: 678 140546ee9c0534419ddcaf3c7e632110\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz\n Size/MD5 checksum: 24654 15ddd8f4db234006a1ac290087640dfc\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz\n Size/MD5 checksum: 575871 f50548b6f4f24d28afb5e6048977f4da\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb\n Size/MD5 checksum: 570472 2087dcea05cd5e1c4033f15cf120761a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2006-03-08T00:00:00", "published": "2006-03-08T00:00:00", "id": "DEBIAN:DSA-988-1:EDDED", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00066.html", "title": "[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "bulletinFamily": "unix", "description": "### Background\n\nSquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. \n\n### Description\n\nSquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting (only Internet Explorer, CVE-2006-0195). Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection (CVE-2006-0377). \n\n### Impact\n\nBy exploiting the cross-site scripting vulnerabilities, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc. A remote attacker could exploit the IMAP command injection to execute arbitrary IMAP commands on the configured IMAP server. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll SquirrelMail users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/squirrelmail-1.4.6\"\n\nNote: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.", "modified": "2006-03-12T00:00:00", "published": "2006-03-12T00:00:00", "id": "GLSA-200603-09", "href": "https://security.gentoo.org/glsa/200603-09", "type": "gentoo", "title": "SquirrelMail: Cross-site scripting and IMAP command injection", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "description": "\nMultiple vulnerabilities has been discovered since 1.4.5,\n\t including IMAP injection as well as some XSS issues.\n", "modified": "2006-02-23T00:00:00", "published": "2006-02-23T00:00:00", "id": "AF9018B6-A4F5-11DA-BB41-0011433A9404", "href": "https://vuxml.freebsd.org/freebsd/af9018b6-a4f5-11da-bb41-0011433a9404.html", "title": "squirrelmail -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\r\n\r\nA bug was found in the way SquirrelMail presents the right frame to the\r\nuser. If a user can be tricked into opening a carefully crafted URL, it is\r\npossible to present the user with arbitrary HTML data. (CVE-2006-0188)\r\n\r\nA bug was found in the way SquirrelMail filters incoming HTML email. It is\r\npossible to cause a victim's web browser to request remote content by\r\nopening a HTML email while running a web browser that processes certain\r\ntypes of invalid style sheets. Only Internet Explorer is known to process\r\nsuch malformed style sheets. (CVE-2006-0195)\r\n\r\nA bug was found in the way SquirrelMail processes a request to select an\r\nIMAP mailbox. If a user can be tricked into opening a carefully crafted\r\nURL, it is possible to execute arbitrary IMAP commands as the user viewing\r\ntheir mail with SquirrelMail. (CVE-2006-0377)\r\n\r\nUsers of SquirrelMail are advised to upgrade to this updated package, which\r\ncontains SquirrelMail version 1.4.6 and is not vulnerable to these issues.", "modified": "2017-09-08T11:54:43", "published": "2006-05-03T04:00:00", "id": "RHSA-2006:0283", "href": "https://access.redhat.com/errata/RHSA-2006:0283", "type": "redhat", "title": "(RHSA-2006:0283) squirrelmail security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
