{"id": "OPENVAS:1361412562310880729", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for squirrelmail CESA-2009:1490 centos3 i386", "description": "The remote host is missing an update for the ", "published": "2011-08-09T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880729", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2009:1490", "http://lists.centos.org/pipermail/centos-announce/2009-October/016181.html"], "cvelist": ["CVE-2009-2964"], "lastseen": "2019-05-29T18:39:56", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:1490"]}, {"type": "cve", "idList": ["CVE-2009-2964"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2091-1:23614"]}, {"type": "jvn", "idList": ["JVN:30881447"]}, {"type": "nessus", "idList": ["5147.PRM", "5571.PRM", "800793.PRM", "CENTOS_RHSA-2009-1490.NASL", "DEBIAN_DSA-2091.NASL", "FEDORA_2009-8797.NASL", "FEDORA_2009-8822.NASL", "MACOSX_10_6_4.NASL", "MACOSX_SECUPD2010-004.NASL", "ORACLELINUX_ELSA-2009-1490.NASL", "REDHAT-RHSA-2009-1490.NASL", "SL_20091008_SQUIRRELMAIL_ON_SL3_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122428", "OPENVAS:136141256231064694", "OPENVAS:136141256231064722", "OPENVAS:136141256231065731", "OPENVAS:136141256231065756", "OPENVAS:136141256231067845", "OPENVAS:1361412562310810929", "OPENVAS:1361412562310880918", "OPENVAS:1361412562310900830", "OPENVAS:64694", "OPENVAS:64722", "OPENVAS:65731", "OPENVAS:65756", "OPENVAS:67845", "OPENVAS:880729", "OPENVAS:880918"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1490"]}, {"type": "osv", "idList": ["OSV:DSA-2091-1"]}, {"type": "redhat", "idList": ["RHSA-2009:1490"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22395", "SECURITYVULNS:DOC:24526", "SECURITYVULNS:VULN:10192", "SECURITYVULNS:VULN:11070"]}, {"type": 
"seebug", "idList": ["SSV:12149"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2964"]}, {"type": "veracode", "idList": ["VERACODE:23891"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:1490"]}, {"type": "cve", "idList": ["CVE-2009-2964"]}, {"type": "jvn", "idList": ["JVN:30881447"]}, {"type": "nessus", "idList": ["FEDORA_2009-8797.NASL", "MACOSX_10_6_4.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:65731"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1490"]}, {"type": "redhat", "idList": ["RHSA-2009:1490"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10192"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2964"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "1361412562310880729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2009:1490 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016181.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880729\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1490\");\n script_cve_id(\"CVE-2009-2964\");\n script_name(\"CentOS Update for squirrelmail CESA-2009:1490 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"squirrelmail on CentOS 3\");\n script_tag(name:\"insight\", value:\"SquirrelMail is a standards-based webmail package written in PHP.\n\n Form submissions in SquirrelMail did not implement protection against\n Cross-Site Request Forgery (CSRF) attacks. 
If a remote attacker tricked a\n user into visiting a malicious web page, the attacker could hijack that\n user's authentication, inject malicious content into that user's\n preferences, or possibly send mail without that user's permission.\n (CVE-2009-2964)\n\n Users of SquirrelMail should upgrade to this updated package, which\n contains a backported patch to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3.centos.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1660012044}, "_internal": {"score_hash": "9f157c6c937028ed53d211b7d5e9ea68"}}
{"ubuntucve": [{"lastseen": "2022-08-04T14:39:00", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail\n1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to\nhijack the authentication of unspecified victims via features such as send\nmessage and change preferences, related to (1)\nfunctions/mailbox_display.php, (2) src/addrbook_search_html.php, (3)\nsrc/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6)\nsrc/folders_create.php, (7) src/folders_delete.php, (8)\nsrc/folders_rename_do.php, (9) src/folders_rename_getname.php, (10)\nsrc/folders_subscribe.php, (11) src/move_messages.php, (12)\nsrc/options.php, (13) src/options_highlight.php, (14)\nsrc/options_identities.php, (15) src/options_order.php, (16)\nsrc/search.php, and (17) src/vcard.php.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/squirrelmail/+bug/446838>\n", "cvss3": {}, "published": "2009-08-25T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2964", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2009-08-25T00:00:00", "id": "UB:CVE-2009-2964", "href": "https://ubuntu.com/security/CVE-2009-2964", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-27T10:56:45", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1490.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection 
against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1490", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:65731", "href": "http://plugins.openvas.org/nasl.php?oid=65731", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1490.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1490 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1490.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(65731);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1490\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1490.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n script_xref(name : \"URL\" , value : \"http://www.squirrelmail.org/security/issue/2009-08-12\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5_4.10\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:34", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory FEDORA-2009-8822.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8822 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064722", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064722", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
fcore_2009_8822.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8822 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Implemented page referral verification mechanism. (Secunia Advisory SA34627)\n- Implemented security token system. (Secunia Advisory SA34627)\n\nChangeLog:\n\n* Mon Aug 17 2009 Michal Hlavinka - 1.4.19-2\n- fix #517312 - CSRF issues in all forms (SA34627)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update squirrelmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8822\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory FEDORA-2009-8822.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64722\");\n script_cve_id(\"CVE-2009-2964\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8822 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=517312\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:58", "description": "The remote host is missing updates to squirrelmail announced in\nadvisory CESA-2009:1490.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1490 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:65756", "href": "http://plugins.openvas.org/nasl.php?oid=65756", "sourceData": "#CESA-2009:1490 65756 4\n# $Id: ovcesa2009_1490.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1490 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1490\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1490\nhttps://rhn.redhat.com/errata/RHSA-2009-1490.html\";\ntag_summary = \"The remote host is missing updates to squirrelmail announced in\nadvisory CESA-2009:1490.\";\n\n\n\nif(description)\n{\n script_id(65756);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1490 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3.centos.1\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:48", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2009:1490 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880729", "href": "http://plugins.openvas.org/nasl.php?oid=880729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2009:1490 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is a standards-based webmail package written in PHP.\n\n Form submissions in SquirrelMail did not implement protection against\n Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\n user into visiting a malicious web page, the attacker could hijack that\n user's authentication, inject malicious content into that user's\n preferences, or possibly send mail without that user's permission.\n (CVE-2009-2964)\n \n Users of SquirrelMail should upgrade to this updated package, which\n contains a backported patch to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"squirrelmail on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016181.html\");\n script_id(880729);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1490\");\n script_cve_id(\"CVE-2009-2964\");\n script_name(\"CentOS Update for squirrelmail 
CESA-2009:1490 centos3 i386\");\n\n script_summary(\"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3.centos.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:07", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory MDVSA-2009:222.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:222 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064694", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064694", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_222.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:222 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in squirrelmail:\n\nAll form submissions (send message, change preferences, etc.) in\nSquirrelMail were previously subject to cross-site request forgery\n(CSRF), wherein data could be sent to them from an offsite location,\nwhich could allow an attacker to inject malicious content into\nuser preferences or possibly send emails without user consent\n(CVE-2009-2964).\n\nThis update provides a solution to this vulnerability.\n\nAffected: Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:222\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory MDVSA-2009:222.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64694\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:222 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"squirrelmail-bn\", rpm:\"squirrelmail-bn~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-de\", rpm:\"squirrelmail-de~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-en\", rpm:\"squirrelmail-en~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-tr\", 
rpm:\"squirrelmail-tr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bn\", rpm:\"squirrelmail-bn~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-de\", rpm:\"squirrelmail-de~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-en\", rpm:\"squirrelmail-en~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-tr\", rpm:\"squirrelmail-tr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") 
{\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:25", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1490.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1490", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065731", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065731", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1490.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1490 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1490.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65731\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1490\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1490.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n script_xref(name : \"URL\" , value : \"http://www.squirrelmail.org/security/issue/2009-08-12\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5_4.10\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2009:1490 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2009:1490 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016185.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880918\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1490\");\n script_cve_id(\"CVE-2009-2964\");\n script_name(\"CentOS Update for squirrelmail CESA-2009:1490 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"squirrelmail on CentOS 4\");\n script_tag(name:\"insight\", value:\"SquirrelMail is a standards-based webmail package written in PHP.\n\n Form submissions in SquirrelMail did not implement protection against\n Cross-Site Request Forgery (CSRF) attacks. 
If a remote attacker tricked a\n user into visiting a malicious web page, the attacker could hijack that\n user's authentication, inject malicious content into that user's\n preferences, or possibly send mail without that user's permission.\n (CVE-2009-2964)\n\n Users of SquirrelMail should upgrade to this updated package, which\n contains a backported patch to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:56:31", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory FEDORA-2009-8822.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8822 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64722", "href": "http://plugins.openvas.org/nasl.php?oid=64722", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8822.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8822 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Implemented page referral verification mechanism. (Secunia Advisory SA34627)\n- Implemented security token system. (Secunia Advisory SA34627)\n\nChangeLog:\n\n* Mon Aug 17 2009 Michal Hlavinka - 1.4.19-2\n- fix #517312 - CSRF issues in all forms (SA34627)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update squirrelmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8822\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory FEDORA-2009-8822.\";\n\n\n\nif(description)\n{\n script_id(64722);\n script_cve_id(\"CVE-2009-2964\");\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8822 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=517312\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:09", "description": "The remote host is missing updates to squirrelmail announced in\nadvisory CESA-2009:1490.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1490 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065756", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065756", "sourceData": "#CESA-2009:1490 65756 4\n# $Id: ovcesa2009_1490.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1490 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1490\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1490\nhttps://rhn.redhat.com/errata/RHSA-2009-1490.html\";\ntag_summary = \"The remote host is missing updates to squirrelmail announced in\nadvisory CESA-2009:1490.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65756\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1490 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~16.el3.centos.1\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2009:1490 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880918", "href": "http://plugins.openvas.org/nasl.php?oid=880918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2009:1490 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is a standards-based webmail package written in PHP.\n\n Form submissions in SquirrelMail did not implement protection against\n Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\n user into visiting a malicious web page, the attacker could hijack that\n user's authentication, inject malicious content into that user's\n preferences, or possibly send mail without that user's permission.\n (CVE-2009-2964)\n \n Users of SquirrelMail should upgrade to this updated package, which\n contains a backported patch to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"squirrelmail on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016185.html\");\n script_id(880918);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1490\");\n script_cve_id(\"CVE-2009-2964\");\n script_name(\"CentOS Update for squirrelmail 
CESA-2009:1490 centos4 i386\");\n\n script_summary(\"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el4_8.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:40", "description": "Oracle Linux Local Security Checks ELSA-2009-1490", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1490", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1490.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122428\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:13 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1490\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1490 - squirrelmail security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1490\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1490.html\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.0.1.el5_4.10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:40:25", "description": "This host is running SquirrelMail and is prone to multiple Cross\n Site Request Forgery vulnerabilities.", "cvss3": {}, "published": "2009-08-28T00:00:00", "type": "openvas", "title": "SquirrelMail Multiple Cross-Site Request Forgery Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2019-03-07T00:00:00", "id": "OPENVAS:1361412562310900830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900830", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_squirrelmail_csrf_vuln.nasl 14033 2019-03-07 11:09:35Z cfischer $\n#\n# SquirrelMail Multiple Cross-Site Request Forgery Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:squirrelmail:squirrelmail';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900830\");\n script_version(\"$Revision: 14033 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 12:09:35 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-28 14:39:11 +0200 (Fri, 28 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2964\");\n script_name(\"SquirrelMail Multiple Cross-Site Request Forgery Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"squirrelmail_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n 
script_mandatory_keys(\"squirrelmail/installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34627\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/52406\");\n script_xref(name:\"URL\", value:\"http://www.squirrelmail.org/security/issue/2009-08-12\");\n\n script_tag(name:\"impact\", value:\"Attacker may leverage this issue to modify user preferences, delete emails,\n and potentially send emails, and can hijack the authentication of unspecified victims.\");\n\n script_tag(name:\"affected\", value:\"SquirrelMail version 1.4.19 and prior on Linux.\");\n\n script_tag(name:\"insight\", value:\"Multiple CSRF errors are caused via features such as send message and change\n preferences, related to addrbook_search_html.php, folders_rename_getname.php, folders_rename_do.php,\n folders_subscribe.php, move_messages.php, options.php, options_highlight.php, options_identities.php,\n options_order.php, search.php, addressbook.php, compose.php, folders.php, folders_create.php, vcard.php and\n folders_delete.php in /src and mailbox_display.php in functions directory.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.4.20 RC1 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running SquirrelMail and is prone to multiple Cross\n Site Request Forgery vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! 
vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"1.4.19\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.4.20 RC1\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:56:22", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory MDVSA-2009:222.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:222 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64694", "href": "http://plugins.openvas.org/nasl.php?oid=64694", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_222.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:222 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in squirrelmail:\n\nAll form submissions (send message, change preferences, etc.) in\nSquirrelMail were previously subject to cross-site request forgery\n(CSRF), wherein data could be sent to them from an offsite location,\nwhich could allow an attacker to inject malicious content into\nuser preferences or possibly send emails without user consent\n(CVE-2009-2964).\n\nThis update provides a solution to this vulnerability.\n\nAffected: Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:222\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory MDVSA-2009:222.\";\n\n \n\nif(description)\n{\n script_id(64694);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2964\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:222 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bn\", rpm:\"squirrelmail-bn~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-de\", 
rpm:\"squirrelmail-de~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-en\", rpm:\"squirrelmail-en~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-tr\", rpm:\"squirrelmail-tr~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.19~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.19~2.2mdvmes5\", 
rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-bn\", rpm:\"squirrelmail-bn~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-de\", rpm:\"squirrelmail-de~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-en\", rpm:\"squirrelmail-en~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) 
!= NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-tr\", rpm:\"squirrelmail-tr~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.19~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:24", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2091-1.", "cvss3": {}, "published": "2010-08-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2091-1 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2009-2964"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67845", "href": "http://plugins.openvas.org/nasl.php?oid=67845", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2091_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2091-1 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail, a webmail application, does not employ a user-specific token\nfor webforms. This allows a remote attacker to perform a Cross Site Request\nForgery (CSRF) attack. 
The attacker may hijack the authentication of\nunspecified victims and send messages or change user preferences among other\nactions, by tricking the victim into following a link controlled by the\noffender.\n\nIn addition, a denial-of-service was fixed, which could be triggered when a\npassword containing 8-bit characters was used to log in (CVE-2010-2813).\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.21-1.\n\nWe recommend that you upgrade your squirrelmail packages.\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2091-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202091-1\";\n\n\nif(description)\n{\n script_id(67845);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2964\", \"CVE-2010-2813\");\n script_name(\"Debian Security Advisory DSA 2091-1 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.15-4+lenny3.1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:40", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2091-1.", "cvss3": {}, "published": "2010-08-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2091-1 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2009-2964"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:136141256231067845", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067845", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2091_1.nasl 8338 2018-01-09 08:00:38Z teissa $\n# Description: Auto-generated from advisory DSA 2091-1 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail, a webmail application, does not employ a user-specific token\nfor webforms. This allows a remote attacker to perform a Cross Site Request\nForgery (CSRF) attack. 
The attacker may hijack the authentication of\nunspecified victims and send messages or change user preferences among other\nactions, by tricking the victim into following a link controlled by the\noffender.\n\nIn addition, a denial-of-service was fixed, which could be triggered when a\npassword containing 8-bit characters was used to log in (CVE-2010-2813).\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.21-1.\n\nWe recommend that you upgrade your squirrelmail packages.\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2091-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202091-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67845\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2964\", \"CVE-2010-2813\");\n script_name(\"Debian Security Advisory DSA 2091-1 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.15-4+lenny3.1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:18", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 April-2017", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0302", "CVE-2009-1579", "CVE-2010-1382", "CVE-2010-0186", "CVE-2010-1374", "CVE-2010-0545", "CVE-2010-0540", "CVE-2010-1381", "CVE-2010-1748", "CVE-2010-0187", "CVE-2010-0734", "CVE-2010-0546", "CVE-2009-1580", "CVE-2009-1581", "CVE-2010-1411", "CVE-2009-1578", "CVE-2009-4212", "CVE-2009-2964", "CVE-2010-0541"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310810929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln01_apr17.nasl 14295 2019-03-18 20:16:46Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 
April-2017\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810929\");\n script_version(\"$Revision: 14295 $\");\n script_cve_id(\"CVE-2010-0540\", \"CVE-2010-0302\", \"CVE-2010-1748\", \"CVE-2010-0545\",\n \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0546\", \"CVE-2010-1374\",\n \"CVE-2010-1411\", \"CVE-2009-4212\", \"CVE-2010-0734\", \"CVE-2010-0541\",\n \"CVE-2010-1381\", \"CVE-2009-1578\", \"CVE-2009-1579\", \"CVE-2009-1580\",\n \"CVE-2009-1581\", \"CVE-2009-2964\", \"CVE-2010-1382\");\n script_bugtraq_id(40889, 38510, 40897, 40898, 38198, 38200, 40887, 40896, 40823,\n 37749, 38162, 40895, 40893, 34916, 36196, 40892);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 21:16:46 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 11:40:44 +0530 (Tue, 18 Apr 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 April-2017\");\n\n script_tag(name:\"summary\", value:\"This host is 
running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The Wiki Server does not specify an explicit character set when serving\n HTML documents in response to user requests.\n\n - Multiple errors in SquirrelMail.\n\n - A configuration issue exists in Apple's distribution of Samba, the server\n used for SMB file sharing.\n\n - An input validation error in the Ruby WEBrick HTTP server's handling of\n error pages.\n\n - A buffer overflow exists in libcurl's handling of gzip-compressed web\n content.\n\n - An integer overflow exists in AES and RC4 decryption operations of the\n crypto library in the KDC server.\n\n - Multiple integer overflows in the handling of TIFF files.\n\n - A directory traversal issue exists in iChat's handling of inline\n image transfers.\n\n - A symlink following issue exists in Folder Manager.\n\n - Multiple errors in Adobe Flash Player plug-in.\n\n - An uninitialized memory read issue exists in the CUPS web interface's\n handling of form variables.\n\n - An use after free error exists in cupsd.\n\n - A cross-site request forgery issue exists in the CUPS web interface.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to conduct cross-site scripting attack, access sensitive information, cause\n an unexpected application termination or arbitrary code execution, upload\n files to arbitrary locations on the filesystem of a user and cause privilege\n escalation.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X and Mac OS X Server\n version 10.5.8, 10.6 through 10.6.3\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate security patch from\n the reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod\", value:\"30\"); ## Build 
information is not available\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT4188\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[56]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n ## 10.5.8 prior to build X is also vulnerable.\n if(version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.3\") ||\n version_in_range(version:osVer, test_version:\"10.5\", test_version2:\"10.5.8\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.6.4 or apply patch\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "jvn": [{"lastseen": "2021-12-28T23:21:19", "description": "SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). \nSquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. \n\n\n ## Impact\n\nA remote attacker may send an arbitrary email or change the settings.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version of SquirrelMail according to the information provided by the developer. \n \nThe issue was resolved in SquirrelMail 1.4.20. 
\n\n\n ## Products Affected\n\n * SquirrelMail 1.4.19 and earlier\n", "cvss3": {}, "published": "2011-01-07T00:00:00", "type": "jvn", "title": "JVN#30881447: SquirrelMail vulnerable to cross-site request forgery", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2011-01-07T00:00:00", "id": "JVN:30881447", "href": "http://jvn.jp/en/jp/JVN30881447/index.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:13:20", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\nPostNuke: SQL injection.", "edition": 2, "cvss3": {}, "published": "2009-08-31T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2009-08-31T00:00:00", "id": "SECURITYVULNS:VULN:10192", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10192", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:222\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : 
squirrelmail\r\n Date : August 28, 2009\r\n Affected: Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in squirrelmail:\r\n \r\n All form submissions (send message, change preferences, etc.) in\r\n SquirrelMail were previously subject to cross-site request forgery\r\n (CSRF), wherein data could be sent to them from an offsite location,\r\n which could allow an attacker to inject malicious content into\r\n user preferences or possibly send emails without user consent\r\n (CVE-2009-2964).\r\n \r\n This update provides a solution to this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKl/K+mqjQ0CJFipgRAtn4AKC5VDiSr2cFD7xA/rHxU/oqCvRT2wCfXanD\r\nO5F41EgMG37iUyAAvI59dJo=\r\n=vh4E\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-08-31T00:00:00", "title": "[ MDVSA-2009:222 ] squirrelmail", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2009-08-31T00:00:00", "id": "SECURITYVULNS:DOC:22395", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22395", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:36", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2091-1 security@debian.org\r\nhttp://www.debian.org/security/ Luciano Bello\r\nAugust 12, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : squirrelmail\r\nVulnerability : No user-specific token implemented\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 543818\r\nCVE ID : CVE-2009-2964 CVE-2010-2813\r\n\r\nSquirrelMail, a webmail application, does not employ a user-specific token \r\nfor webforms. 
This allows a remote attacker to perform a Cross Site Request \r\nForgery (CSRF) attack. The attacker may hijack the authentication of \r\nunspecified victims and send messages or change user preferences among other \r\nactions, by tricking the victim into following a link controlled by the \r\noffender.\r\n\r\nIn addition, a denial-of-service was fixed, which could be triggered when a \r\npassword containing 8-bit characters was used to log in (CVE-2010-2813).\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 1.4.15-4+lenny3.1.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution (sid),\r\nthese problems have been fixed in version 1.4.21-1.\r\n\r\nWe recommend that you upgrade your squirrelmail packages.\r\n\r\n\r\nUpgrade instructions\r\n--------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n--------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.diff.gz\r\n Size/MD5 checksum: 34647 2251562662703a0d8e4f0de309ca60a6\r\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15.orig.tar.gz\r\n Size/MD5 checksum: 621320 87b466fef98e770307afffd75fe25589\r\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.dsc\r\n Size/MD5 checksum: 1240 a4e2ab21379259946f02a1d30831fe6d\r\n\r\nArchitecture independent packages:\r\n\r\n 
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1_all.deb\r\n Size/MD5 checksum: 615152 d08549fd86ffec2ae16b36e358f50cd6\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "edition": 1, "cvss3": {}, "published": "2010-08-14T00:00:00", "title": "[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2009-2964"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:DOC:24526", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24526", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:06:57", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2010-08-14T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": 
"securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2540", "CVE-2010-2539", "CVE-2010-2813", "CVE-2009-2964"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:VULN:11070", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11070", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:49", "description": "[1.4.8-5.0.1.el5_4.10]\n- Remove Redhat splash screen images\n[1.4.8-5.10]\n- fix: CVE-2009-2964 : CSRF issues in all forms - extend to all forms\n[1.4.8-5.9]\n- fix: CVE-2009-2964 : CSRF issues in all forms - add missing parts\n[1.4.8-5.8]\n- fix: CVE-2009-2964 : CSRF issues in all forms ", "cvss3": {}, "published": "2009-10-08T00:00:00", "type": "oraclelinux", "title": "squirrelmail security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2009-10-08T00:00:00", "id": "ELSA-2009-1490", "href": "http://linux.oracle.com/errata/ELSA-2009-1490.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:06:55", "description": "- Implemented page referal verification mechanism.\n (Secunia Advisory SA34627)\n\n - Implemented security token system. (Secunia Advisory SA34627)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "Fedora 11 : squirrelmail-1.4.19-2.fc11 (2009-8822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:squirrelmail", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8822.NASL", "href": "https://www.tenable.com/plugins/nessus/40686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8822.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40686);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2964\");\n script_xref(name:\"FEDORA\", value:\"2009-8822\");\n\n script_name(english:\"Fedora 11 : squirrelmail-1.4.19-2.fc11 (2009-8822)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Implemented page referal verification mechanism.\n (Secunia Advisory SA34627)\n\n - Implemented security token system. (Secunia Advisory\n SA34627)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=517312\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a69e104\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"squirrelmail-1.4.19-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:18", "description": "An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. 
(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-10-09T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : squirrelmail (CESA-2009:1490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:squirrelmail", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2009-1490.NASL", "href": "https://www.tenable.com/plugins/nessus/42071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1490 and \n# CentOS Errata and Security Advisory 2009:1490 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42071);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2964\");\n script_bugtraq_id(36196);\n script_xref(name:\"RHSA\", value:\"2009:1490\");\n\n script_name(english:\"CentOS 3 / 4 : squirrelmail (CESA-2009:1490)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated squirrelmail package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. 
If a remote attacker\ntricked a user into visiting a malicious web page, the attacker could\nhijack that user's authentication, inject malicious content into that\nuser's preferences, or possibly send mail without that user's\npermission. (CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016181.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47e6f08f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016182.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a30b9c2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016185.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3723943\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016186.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e2bf560\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"squirrelmail-1.4.8-16.el3.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"squirrelmail-1.4.8-16.el3.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"squirrelmail-1.4.8-5.el4_8.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:47", "description": "CVE-2009-2964 squirrelmail: CSRF issues in all forms\n\nForm submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. 
(CVE-2009-2964)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091008_SQUIRRELMAIL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60676);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2964\");\n\n script_name(english:\"Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2964 squirrelmail: CSRF issues in all forms\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker\ntricked a user into visiting a malicious web page, the attacker could\nhijack that user's authentication, inject malicious content into that\nuser's preferences, or possibly send mail without that user's\npermission. 
(CVE-2009-2964)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0910&L=scientific-linux-errata&T=0&P=1068\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a17d921e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"squirrelmail-1.4.8-16.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"squirrelmail-1.4.8-5.el4_8.8\")) 
flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"squirrelmail-1.4.8-5.el5_4.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:54", "description": "The remote host is running SquirrelMail, a web-based email client. The installed version of SquirrelMail is potentially affected by cross-site request forgery vulnerabilities on all form submissions.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2009-08-12T00:00:00", "type": "nessus", "title": "SquirrelMail < 1.4.20 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*"], "id": "5147.PRM", "href": "https://www.tenable.com/plugins/nnm/5147", "sourceData": "Binary data 5147.prm", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:54:18", "description": "From Red Hat Security Advisory 2009:1490 :\n\nAn updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. 
(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : squirrelmail (ELSA-2009-1490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:squirrelmail", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1490.NASL", "href": "https://www.tenable.com/plugins/nessus/67938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1490 and \n# Oracle Linux Security Advisory ELSA-2009-1490 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67938);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2964\");\n script_bugtraq_id(36196);\n script_xref(name:\"RHSA\", value:\"2009:1490\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : squirrelmail (ELSA-2009-1490)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1490 :\n\nAn updated squirrelmail package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement 
protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker\ntricked a user into visiting a malicious web page, the attacker could\nhijack that user's authentication, inject malicious content into that\nuser's preferences, or possibly send mail without that user's\npermission. (CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001190.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001192.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"squirrelmail-1.4.8-16.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"squirrelmail-1.4.8-16.0.1.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"squirrelmail-1.4.8-5.0.1.el4_8.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"squirrelmail-1.4.8-5.0.1.el5_4.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:03", "description": "- Implemented page referal verification mechanism.\n (Secunia Advisory SA34627)\n\n - Implemented security token system. (Secunia Advisory SA34627)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "Fedora 10 : squirrelmail-1.4.19-2.fc10 (2009-8797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:squirrelmail", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-8797.NASL", "href": "https://www.tenable.com/plugins/nessus/40678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8797.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40678);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2964\");\n script_xref(name:\"FEDORA\", value:\"2009-8797\");\n\n script_name(english:\"Fedora 10 : squirrelmail-1.4.19-2.fc10 (2009-8797)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Implemented page referal verification mechanism.\n (Secunia Advisory SA34627)\n\n - Implemented security token system. (Secunia Advisory\n SA34627)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=517312\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028197.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76f42a4b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"squirrelmail-1.4.19-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:16", "description": "An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. 
(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-10-09T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:1490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:squirrelmail", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1490.NASL", "href": "https://www.tenable.com/plugins/nessus/42077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42077);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2964\");\n script_bugtraq_id(36196);\n script_xref(name:\"RHSA\", value:\"2009:1490\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:1490)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated squirrelmail package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm 
submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker\ntricked a user into visiting a malicious web page, the attacker could\nhijack that user's authentication, inject malicious content into that\nuser's preferences, or possibly send mail without that user's\npermission. (CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2009-08-12\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1490\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"squirrelmail-1.4.8-16.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"squirrelmail-1.4.8-5.el4_8.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"squirrelmail-1.4.8-5.el5_4.10\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:20", "description": "SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. 
The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.\n\nIn addition, a denial-of-service was fixed, which could be triggered when a password containing 8-bit characters was used to log in (CVE-2010-2813 ).", "cvss3": {"score": null, "vector": null}, "published": "2010-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-2091-1 : squirrelmail - No user-specific token implemented", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2964", "CVE-2010-2813"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:squirrelmail", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2091.NASL", "href": "https://www.tenable.com/plugins/nessus/48344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2091. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48344);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2964\", \"CVE-2010-2813\");\n script_bugtraq_id(36196, 42399);\n script_xref(name:\"DSA\", value:\"2091\");\n\n script_name(english:\"Debian DSA-2091-1 : squirrelmail - No user-specific token implemented\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SquirrelMail, a webmail application, does not employ a user-specific\ntoken for webforms. 
This allows a remote attacker to perform a Cross\nSite Request Forgery (CSRF) attack. The attacker may hijack the\nauthentication of unspecified victims and send messages or change user\npreferences among other actions, by tricking the victim into following\na link controlled by the offender.\n\nIn addition, a denial-of-service was fixed, which could be triggered\nwhen a password containing 8-bit characters was used to log in\n(CVE-2010-2813 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2091\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the squirrelmail packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"squirrelmail\", reference:\"1.4.15-4+lenny3.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T15:28:51", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-004 applied. 
\n\nThis security update contains fixes for the following components :\n\n - CUPS\n - DesktopServices\n - Flash Player plug-in\n - Folder Manager\n - iChat\n - ImageIO\n - Kerberos\n - Kernel\n - libcurl\n - Network Authorization\n - Ruby\n - SMB File Server\n - SquirrelMail\n - Wiki Server", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2010-06-15T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1578", "CVE-2009-1579", "CVE-2009-1580", "CVE-2009-1581", "CVE-2009-2964", "CVE-2009-4212", "CVE-2010-0186", "CVE-2010-0187", "CVE-2010-0302", "CVE-2010-0540", "CVE-2010-0541", "CVE-2010-0543", "CVE-2010-0545", "CVE-2010-0546", "CVE-2010-0734", "CVE-2010-1374", "CVE-2010-1375", "CVE-2010-1381", "CVE-2010-1382", "CVE-2010-1411", "CVE-2010-1748", "CVE-2010-1816", "CVE-2010-1821"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-004.NASL", "href": "https://www.tenable.com/plugins/nessus/47024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47024);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-1578\",\n \"CVE-2009-1579\",\n \"CVE-2009-1580\",\n \"CVE-2009-1581\",\n \"CVE-2009-2964\",\n \"CVE-2009-4212\",\n \"CVE-2010-0186\",\n \"CVE-2010-0187\",\n \"CVE-2010-0302\",\n \"CVE-2010-0540\",\n \"CVE-2010-0541\",\n \"CVE-2010-0543\",\n \"CVE-2010-0545\",\n \"CVE-2010-0546\",\n \"CVE-2010-0734\",\n \"CVE-2010-1374\",\n \"CVE-2010-1375\",\n \"CVE-2010-1381\",\n \"CVE-2010-1382\",\n \"CVE-2010-1411\",\n \"CVE-2010-1748\",\n \"CVE-2010-1816\",\n \"CVE-2010-1821\"\n );\n script_bugtraq_id(\n 34916,\n 36196,\n 37749,\n 38198,\n 38200,\n 38510,\n 40887,\n 
40889,\n 40892,\n 40893,\n 40894,\n 40895,\n 40896,\n 40897,\n 40898\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-004)\");\n script_summary(english:\"Check for the presence of Security Update 2010-004\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-004 applied. \n\nThis security update contains fixes for the following components :\n\n - CUPS\n - DesktopServices\n - Flash Player plug-in\n - Folder Manager\n - iChat\n - ImageIO\n - Kerberos\n - Kernel\n - libcurl\n - Network Authorization\n - Ruby\n - SMB File Server\n - SquirrelMail\n - Wiki Server\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4188\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-004 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(79, 94, 189, 287, 352, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/15\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[4-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-004 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:51", "description": "Versions of Mac OS X 10.6 earlier than 10.6.4 are potentially affected by multiple vulnerabilities. 
Mac OS X 10.6.4 contains security fixes for the following products :\n\n - CUPS\n\n - DesktopServices\n\n - Flash Player plug-in\n\n - Folder Manager\n\n - Help Viewer\n\n - iChat\n\n - ImageIO\n\n - Kerberos\n\n - libcurl\n\n - Network Authorization\n\n - Open Directory\n\n - Printer Setup\n\n - Printing\n\n - Ruby\n\n - SMB File Server\n\n - SquirrelMail\n\n - Wiki Server", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-06-15T00:00:00", "type": "nessus", "title": "Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1580", "CVE-2009-1581", "CVE-2009-1578", "CVE-2009-1579", "CVE-2010-0302", "CVE-2010-0734", "CVE-2010-0186", "CVE-2010-1411", "CVE-2009-4212", "CVE-2010-0540", "CVE-2010-1748", "CVE-2010-0541", "CVE-2010-0187", "CVE-2009-2964", "CVE-2010-1320", "CVE-2010-0283", "CVE-2010-1374", "CVE-2010-1377", "CVE-2010-1380", "CVE-2010-0543", "CVE-2010-0545", "CVE-2010-0546", "CVE-2010-1373", "CVE-2010-1376", "CVE-2010-1379", "CVE-2010-1381", "CVE-2010-1382"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "5571.PRM", "href": "https://www.tenable.com/plugins/nnm/5571", "sourceData": "Binary data 5571.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:50", "description": "Versions of Mac OS X 10.6 earlier than 10.6.4 are potentially affected by multiple vulnerabilities. 
Mac OS X 10.6.4 contains security fixes for the following products :\n\n - CUPS\n\n - DesktopServices\n\n - Flash Player plug-in\n\n - Folder Manager\n\n - Help Viewer\n\n - iChat\n\n - ImageIO\n\n - Kerberos\n\n - libcurl\n\n - Network Authorization\n\n - Open Directory\n\n - Printer Setup\n\n - Printing\n\n - Ruby\n\n - SMB File Server\n\n - SquirrelMail\n\n - Wiki Server", "cvss3": {"score": null, "vector": null}, "published": "2010-06-15T00:00:00", "type": "nessus", "title": "Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1580", "CVE-2009-1581", "CVE-2009-1578", "CVE-2009-1579", "CVE-2010-0302", "CVE-2010-0734", "CVE-2010-0186", "CVE-2010-1411", "CVE-2009-4212", "CVE-2010-0540", "CVE-2010-1748", "CVE-2010-0541", "CVE-2010-0187", "CVE-2009-2964", "CVE-2010-1320", "CVE-2010-0283", "CVE-2010-1374", "CVE-2010-1377", "CVE-2010-1380", "CVE-2010-0543", "CVE-2010-0545", "CVE-2010-0546", "CVE-2010-1373", "CVE-2010-1376", "CVE-2010-1379", "CVE-2010-1381", "CVE-2010-1382"], "modified": "2010-06-15T00:00:00", "cpe": [], "id": "800793.PRM", "href": "https://www.tenable.com/plugins/lce/800793", "sourceData": "Binary data 800793.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:03", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4.\n\nMac OS X 10.6.4 contains security fixes for the following components :\n\n - CUPS\n - DesktopServices\n - Flash Player plug-in\n - Folder Manager\n - Help Viewer\n - iChat\n - ImageIO\n - Kerberos\n - Kernel\n - libcurl\n - Network Authorization\n - Open Directory\n - Printer Setup\n - Printing\n - Ruby\n - SMB File Server\n - SquirrelMail\n - Wiki Server", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2010-06-15T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2009-1578", "CVE-2009-1579", "CVE-2009-1580", "CVE-2009-1581", "CVE-2009-2964", "CVE-2009-4212", "CVE-2010-0186", "CVE-2010-0187", "CVE-2010-0283", "CVE-2010-0302", "CVE-2010-0540", "CVE-2010-0541", "CVE-2010-0545", "CVE-2010-0546", "CVE-2010-0734", "CVE-2010-1320", "CVE-2010-1373", "CVE-2010-1374", "CVE-2010-1376", "CVE-2010-1377", "CVE-2010-1379", "CVE-2010-1380", "CVE-2010-1381", "CVE-2010-1382", "CVE-2010-1411", "CVE-2010-1748", "CVE-2010-1816", "CVE-2010-1821"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_4.NASL", "href": "https://www.tenable.com/plugins/nessus/47023", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47023);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-1578\",\n \"CVE-2009-1579\",\n \"CVE-2009-1580\",\n \"CVE-2009-1581\",\n \"CVE-2009-2964\",\n \"CVE-2009-4212\",\n \"CVE-2010-0186\",\n \"CVE-2010-0187\",\n \"CVE-2010-0283\",\n \"CVE-2010-0302\",\n \"CVE-2010-0540\",\n \"CVE-2010-0541\",\n \"CVE-2010-0545\",\n \"CVE-2010-0546\",\n \"CVE-2010-0734\",\n \"CVE-2010-1320\",\n \"CVE-2010-1373\",\n \"CVE-2010-1374\",\n \"CVE-2010-1376\",\n \"CVE-2010-1377\",\n \"CVE-2010-1379\",\n \"CVE-2010-1380\",\n \"CVE-2010-1381\",\n \"CVE-2010-1382\",\n \"CVE-2010-1411\",\n \"CVE-2010-1748\",\n \"CVE-2010-1816\",\n \"CVE-2010-1821\"\n );\n script_bugtraq_id(\n 34916,\n 36196,\n 37749,\n 38198,\n 38200,\n 38260,\n 38510,\n 39599,\n 40886,\n 40887,\n 40888,\n 40889,\n 40892,\n 40893,\n 40895,\n 40897,\n 40902,\n 40903,\n 40905\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X 
update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.4.\n\nMac OS X 10.6.4 contains security fixes for the following components :\n\n - CUPS\n - DesktopServices\n - Flash Player plug-in\n - Folder Manager\n - Help Viewer\n - iChat\n - ImageIO\n - Kerberos\n - Kernel\n - libcurl\n - Network Authorization\n - Open Directory\n - Printer Setup\n - Printing\n - Ruby\n - SMB File Server\n - SquirrelMail\n - Wiki Server\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4188\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.4 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 79, 94, 189, 287, 352, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The 'Host/MacOSX/Version' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-3]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T21:32:49", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.", "cvss3": {}, "published": "2009-08-25T17:30:00", "type": "cve", "title": "CVE-2009-2964", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:squirrelmail:squirrelmail:1.4.6_cvs", "cpe:/a:squirrelmail:squirrelmail:1.0.5", "cpe:/a:squirrelmail:squirrelmail:0.1.2", "cpe:/a:squirrelmail:squirrelmail:1.4.8.4fc6", "cpe:/a:squirrelmail:squirrelmail:1.4.0_rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.10", "cpe:/a:squirrelmail:squirrelmail:1.4.0_rc2a", "cpe:/a:squirrelmail:squirrelmail:1.4.7", "cpe:/a:squirrelmail:squirrelmail:1.2.8", "cpe:/a:squirrelmail:squirrelmail:1.0.3", "cpe:/a:squirrelmail:squirrelmail:1.3.0", "cpe:/a:squirrelmail:squirrelmail:1.3.1", "cpe:/a:squirrelmail:squirrelmail:1.0", "cpe:/a:squirrelmail:squirrelmail:1.4.16", "cpe:/a:squirrelmail:squirrelmail:0.1.1", "cpe:/a:squirrelmail:squirrelmail:1.4.4", "cpe:/a:squirrelmail:squirrelmail:1.2.1", "cpe:/a:squirrelmail:squirrelmail:1.2.11", "cpe:/a:squirrelmail:squirrelmail:1.4.9a", "cpe:/a:squirrelmail:squirrelmail:1.4.6_rc1", "cpe:/a:squirrelmail:squirrelmail:1.4", "cpe:/a:squirrelmail:squirrelmail:1.2.2", "cpe:/a:squirrelmail:squirrelmail:1.4.13", "cpe:/a:squirrelmail:squirrelmail:1.4.3_r3", "cpe:/a:squirrelmail:squirrelmail:1.2", "cpe:/a:squirrelmail:squirrelmail:1.4.19", "cpe:/a:squirrelmail:squirrelmail:1.2.0", "cpe:/a:squirrelmail:squirrelmail:1.1.2", "cpe:/a:squirrelmail:squirrelmail:1.4.10a", "cpe:/a:squirrelmail:squirrelmail:1.4.3a", "cpe:/a:squirrelmail:squirrelmail:1.2.9", "cpe:/a:squirrelmail:squirrelmail:1.4.15_rc1", "cpe:/a:squirrelmail:squirrelmail:1.0.1", "cpe:/a:squirrelmail:squirrelmail:1.4.2", "cpe:/a:squirrelmail:squirrelmail:1.4.5", "cpe:/a:squirrelmail:squirrelmail:1.2.7", "cpe:/a:squirrelmail:squirrelmail:1.4.0", "cpe:/a:squirrelmail:squirrelmail:1.2.3", "cpe:/a:squirrelmail:squirrelmail:1.4.17", 
"cpe:/a:squirrelmail:squirrelmail:1.4.18", "cpe:/a:squirrelmail:squirrelmail:1.4.6", "cpe:/a:squirrelmail:squirrelmail:1.4.2-r1", "cpe:/a:squirrelmail:squirrelmail:1.2.4", "cpe:/a:squirrelmail:squirrelmail:1.4.2-r3", "cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.3aa", "cpe:/a:squirrelmail:squirrelmail:1.1.1", "cpe:/a:squirrelmail:squirrelmail:1.0.6", "cpe:/a:squirrelmail:squirrelmail:1.4.3", "cpe:/a:squirrelmail:squirrelmail:1.0pre2", "cpe:/a:squirrelmail:squirrelmail:1.2.5", "cpe:/a:squirrelmail:squirrelmail:1.2.0_rc3", "cpe:/a:squirrelmail:squirrelmail:1.4.8", "cpe:/a:squirrelmail:squirrelmail:1.4.1", "cpe:/a:squirrelmail:squirrelmail:1.4.11", "cpe:/a:squirrelmail:squirrelmail:1.4.15rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.5_rc1", "cpe:/a:squirrelmail:squirrelmail:1.2.6", "cpe:/a:squirrelmail:squirrelmail:1.4_rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.0-r1", "cpe:/a:squirrelmail:squirrelmail:1.0.2", "cpe:/a:squirrelmail:squirrelmail:1.4.15", "cpe:/a:squirrelmail:squirrelmail:1.4.9", "cpe:/a:squirrelmail:squirrelmail:1.1.0", "cpe:/a:squirrelmail:squirrelmail:1.4.2-r5", "cpe:/a:squirrelmail:squirrelmail:1.0pre3", "cpe:/a:squirrelmail:squirrelmail:1.1.3", "cpe:/a:squirrelmail:squirrelmail:1.2.10", "cpe:/a:squirrelmail:squirrelmail:1.3.2", "cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.2-r4", "cpe:/a:squirrelmail:squirrelmail:1.4.2-r2", "cpe:/a:squirrelmail:squirrelmail:1.2.6-rc1", "cpe:/a:squirrelmail:squirrelmail:1.4.12", "cpe:/a:squirrelmail:squirrelmail:1.0pre1", "cpe:/a:squirrelmail:squirrelmail:1.0.4"], "id": "CVE-2009-2964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", 
"cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T18:38:50", "description": "CVE(CAN) ID: 
CVE-2009-2964\r\n\r\nSquirrelMail is a webmail program written in PHP.\r\n\r\nSquirrelMail does not properly filter the content that users submit to multiple forms (sending messages, changing preferences, etc.), so a remote attacker can use a cross-site request forgery attack to perform operations such as deleting mail and sending mail. The following pages are affected:\r\n\r\nfunctions/mailbox_display.php\r\nsrc/addrbook_search_html.php\r\nsrc/addressbook.php\r\nsrc/compose.php\r\nsrc/folders.php\r\nsrc/folders_create.php\r\nsrc/folders_delete.php\r\nsrc/folders_rename_do.php\r\nsrc/folders_rename_getname.php\r\nsrc/folders_subscribe.php\r\nsrc/move_messages.php\r\nsrc/options.php\r\nsrc/options_highlight.php\r\nsrc/options_identities.php\r\nsrc/options_order.php\r\nsrc/search.php\r\nsrc/vcard.php\n\nSquirrelMail <= 1.4.19\nVendor patch:\r\n\r\nSquirrelMail\r\n------------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818", "cvss3": {}, "published": "2009-08-28T00:00:00", "title": "SquirrelMail multiple forms cross-site request forgery vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-2964"], "modified": "2009-08-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12149", "id": "SSV:12149", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "veracode": [{"lastseen": "2022-07-27T10:13:57", "description": "SquirrelMail is vulnerable to cross-site request forgery 
(CSRF). Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. \n", "cvss3": {}, "published": "2020-04-10T00:39:18", "type": "veracode", "title": "Cross-site Request Forgery (CSRF)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2022-04-19T18:26:38", "id": "VERACODE:23891", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23891/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:59:38", "description": "**CentOS Errata and Security Advisory** CESA-2009:1490\n\n\nSquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. 
If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/053100.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/053101.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/053104.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/053105.html\n\n**Affected packages:**\nsquirrelmail\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:1490", "cvss3": {}, "published": "2009-10-08T20:55:32", "type": "centos", "title": "squirrelmail security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2009-10-09T15:11:33", "id": "CESA-2009:1490", "href": "https://lists.centos.org/pipermail/centos-announce/2009-October/053100.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:42:55", "description": "SquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. 
If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser's authentication, inject malicious content into that user's\npreferences, or possibly send mail without that user's permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "cvss3": {}, "published": "2009-10-08T00:00:00", "type": "redhat", "title": "(RHSA-2009:1490) Moderate: squirrelmail security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964"], "modified": "2018-05-26T00:26:17", "id": "RHSA-2009:1490", "href": "https://access.redhat.com/errata/RHSA-2009:1490", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:32:54", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2091-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nAugust 12, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : squirrelmail\nVulnerability : No user-specific token implemented\nProblem type : remote\nDebian-specific: no\nDebian bug : 543818\nCVE ID : CVE-2009-2964 CVE-2010-2813\n\nSquirrelMail, a webmail application, does not employ a user-specific token \nfor webforms. This allows a remote attacker to perform a Cross Site Request \nForgery (CSRF) attack. 
The attacker may hijack the authentication of \nunspecified victims and send messages or change user preferences among other \nactions, by tricking the victim into following a link controlled by the \noffender.\n\nIn addition, a denial-of-service was fixed, which could be triggered when a \npassword containing 8-bit characters was used to log in (CVE-2010-2813).\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.21-1.\n\nWe recommend that you upgrade your squirrelmail packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.diff.gz\n Size/MD5 checksum: 34647 2251562662703a0d8e4f0de309ca60a6\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15.orig.tar.gz\n Size/MD5 checksum: 621320 87b466fef98e770307afffd75fe25589\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.dsc\n Size/MD5 checksum: 1240 a4e2ab21379259946f02a1d30831fe6d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1_all.deb\n Size/MD5 checksum: 615152 d08549fd86ffec2ae16b36e358f50cd6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- 
---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2010-08-12T20:20:02", "type": "debian", "title": "[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964", "CVE-2010-2813"], "modified": "2010-08-12T20:20:02", "id": "DEBIAN:DSA-2091-1:23614", "href": "https://lists.debian.org/debian-security-announce/2010/msg00136.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:08:45", "description": "\nSquirrelMail, a webmail application, does not employ a user-specific token \nfor webforms. This allows a remote attacker to perform a Cross Site Request \nForgery (CSRF) attack. 
The attacker may hijack the authentication of \nunspecified victims and send messages or change user preferences among other \nactions, by tricking the victim into following a link controlled by the \noffender.\n\n\nIn addition, a denial-of-service was fixed, which could be triggered when a \npassword containing 8-bit characters was used to log in ([CVE-2010-2813](https://security-tracker.debian.org/tracker/CVE-2010-2813)).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.\n\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.21-1.\n\n\nWe recommend that you upgrade your squirrelmail packages.\n\n\n", "cvss3": {}, "published": "2010-08-12T00:00:00", "type": "osv", "title": "squirrelmail - cross-site request forgery", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2964", "CVE-2010-2813"], "modified": "2022-08-10T07:08:38", "id": "OSV:DSA-2091-1", "href": "https://osv.dev/vulnerability/DSA-2091-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}