Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.SUSE_SQUIRRELMAIL-3944.NASL
HistoryOct 17, 2007 - 12:00 a.m.

openSUSE 10 Security Update : squirrelmail (squirrelmail-3944)

2007-10-1700:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
25
JSON

This update of squirrelmail fixes two cross-site-scripting vulnerabilities that can be used by an attacker to read opened emails (CVE-2007-1262) and to send email on behalf of the user (CVE-2007-2589).

This is a reissue of the previous update due to regressions.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update squirrelmail-3944.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27458);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-1262", "CVE-2007-2589");

  script_name(english:"openSUSE 10 Security Update : squirrelmail (squirrelmail-3944)");
  script_summary(english:"Check for the squirrelmail-3944 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of squirrelmail fixes two cross-site-scripting
vulnerabilities that can be used by an attacker to read opened emails
(CVE-2007-1262) and to send email on behalf of the user
(CVE-2007-2589).

This is a reissue of the previous update due to regressions."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected squirrelmail package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_cwe_id(79, 352);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:squirrelmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"squirrelmail-1.4.10a-17.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"squirrelmail-1.4.9a-2.6") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail");
}
VendorProductVersionCPE
novellopensusesquirrelmailp-cpe:/a:novell:opensuse:squirrelmail
novellopensuse10.1cpe:/o:novell:opensuse:10.1
novellopensuse10.2cpe:/o:novell:opensuse:10.2

Related

redhat 1
centos 1
oraclelinux 1
nessus 9
openvas 7
cve 3
prion 3
veracode 2
ubuntucve 3
freebsd 1
debian 1
jvn 1
fedora 1
seebug 1
redhat
redhat
(RHSA-2007:0358) Moderate: squirrelmail security update
2007-05-17 00:00:00
centos
centos
squirrelmail security update
2007-05-17 18:22:57
oraclelinux
oraclelinux
Moderate: squirrelmail security update
2007-05-17 00:00:00
nessus
nessus
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2007:0358)
2007-05-20 00:00:00
Scientific Linux Security Update : squirrelmail on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-01 00:00:00
openSUSE 10 Security Update : squirrelmail (squirrelmail-3629)
2007-10-17 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0358)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1290-1)
2008-01-17 00:00:00
FreeBSD Ports: squirrelmail
2008-09-04 00:00:00
cve
cve
CVE-2007-2589
2007-05-11 04:20:00
CVE-2007-1262
2007-05-11 04:20:00
CVE-2007-2631
2007-05-13 23:19:00
prion
prion
Cross site request forgery (csrf)
2007-05-11 04:20:00
Cross site scripting
2007-05-11 04:20:00
Cross site request forgery (csrf)
2007-05-13 23:19:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2020-04-10 00:14:06
Cross-site Scripting (XSS)
2020-04-10 00:14:05
ubuntucve
ubuntucve
CVE-2007-2589
2007-05-11 00:00:00
CVE-2007-1262
2007-05-11 00:00:00
CVE-2007-2631
2007-05-13 00:00:00
freebsd
freebsd
squirrelmail -- Cross site scripting in HTML filter
2007-05-09 00:00:00
debian
debian
[SECURITY] [DSA 1290-1] New squirrelmail packages fix cross-site scripting
2007-05-13 00:00:00
jvn
jvn
JVN#09157962: SquirrelMail vulnerable to cross-site scripting
2011-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: squirrelmail-1.4.10a-1.fc6
2007-05-14 17:19:18
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
JSON
Related for SUSE_SQUIRRELMAIL-3944.NASL
redhat1centos1oraclelinux1nessus9openvas7cve3prion3veracode2ubuntucve3freebsd1debian1jvn1fedora1seebug1