Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_21B7C5502A2211DBA6E2000E0C2E438A.NASL
HistoryAug 14, 2006 - 12:00 a.m.

FreeBSD : squirrelmail -- random variable overwrite vulnerability (21b7c550-2a22-11db-a6e2-000e0c2e438a)

2006-08-1400:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.186 Low

EPSS

Percentile

96.2%

JSON

The SquirrelMail developers report :

A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users’ preferences or attachments.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22209);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-4019");

  script_name(english:"FreeBSD : squirrelmail -- random variable overwrite vulnerability (21b7c550-2a22-11db-a6e2-000e0c2e438a)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SquirrelMail developers report :

A logged in user could overwrite random variables in compose.php,
which might make it possible to read/write other users' preferences or
attachments."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.squirrelmail.org/security/issue/2006-08-11"
  );
  # https://vuxml.freebsd.org/freebsd/21b7c550-2a22-11db-a6e2-000e0c2e438a.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3f371a2a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-squirrelmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:squirrelmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"ja-squirrelmail>=1.4.0<1.4.8,2")) flag++;
if (pkg_test(save_report:TRUE, pkg:"squirrelmail>=1.4.0<1.4.8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdja-squirrelmailp-cpe:/a:freebsd:freebsd:ja-squirrelmail
freebsdfreebsdsquirrelmailp-cpe:/a:freebsd:freebsd:squirrelmail
freebsdfreebsdcpe:/o:freebsd:freebsd

Related

veracode 1
redhat 1
nessus 7
nvd 1
exploitpack 1
openvas 6
cvelist 1
centos 1
cve 1
debian 1
freebsd 1
ubuntucve 1
exploitdb 1
oraclelinux 1
fedora 1
seebug 1
veracode
veracode
Dynamic Variable Evaluation
2020-04-10 00:11:16
redhat
redhat
(RHSA-2006:0668) squirrelmail security update
2006-09-26 00:00:00
nessus
nessus
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
2006-08-17 00:00:00
CentOS 3 / 4 : squirrelmail (CESA-2006:0668)
2006-09-27 00:00:00
RHEL 3 / 4 : squirrelmail (RHSA-2006:0668)
2006-09-27 00:00:00
nvd
nvd
CVE-2006-4019
2006-08-11 21:04:00
exploitpack
exploitpack
SquirrelMail 1.4.7 - Arbitrary Variable Overwrite
2016-08-11 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1154)
2008-01-17 00:00:00
FreeBSD Ports: ja-squirrelmail
2008-09-04 00:00:00
FreeBSD Ports: ja-squirrelmail
2008-09-04 00:00:00
cvelist
cvelist
CVE-2006-4019
2006-08-11 21:00:00
centos
centos
squirrelmail security update
2006-09-26 13:09:45
cve
cve
CVE-2006-4019
2006-08-11 21:04:00
debian
debian
[SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure
2006-08-20 00:00:00
freebsd
freebsd
squirrelmail -- random variable overwrite vulnerability
2006-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2006-4019
2006-08-11 00:00:00
exploitdb
exploitdb
SquirrelMail &lt; 1.4.7 - Arbitrary Variable Overwrite
2016-08-11 00:00:00
oraclelinux
oraclelinux
Moderate squirrelmail security update
2006-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: squirrelmail-1.4.8-3.fc5
2007-01-17 16:30:01
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.186 Low

EPSS

Percentile

96.2%

JSON
Related for FREEBSD_PKG_21B7C5502A2211DBA6E2000E0C2E438A.NASL
veracode1redhat1nessus7nvd1exploitpack1openvas6cvelist1centos1cve1debian1freebsd1ubuntucve1exploitdb1oraclelinux1fedora1seebug1