Lucene search
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.comOPENVAS:55204HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 793-1 (courier)
2008-01-1700:00:00
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
4
0.007 Low
EPSS
Percentile
77.9%
The remote host is missing an update to courier
announced via advisory DSA 793-1.
Jakob Balle discovered a vulnerability in the handling of attachments
in sqwebmail, a web mail application provided by the courier mail
suite, which can be exploited by an attacker to conduct script
insertion attacks.
For the old stable distribution (woody) this problem has been fixed in
version 0.37.3-2.6.
# OpenVAS Vulnerability Test
# $Id: deb_793_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 793-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_solution = "For the stable distribution (sarge) this problem has been fixed in
version 0.47-4sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 0.47-8.
We recommend that you upgrade your sqwebmail package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20793-1";
tag_summary = "The remote host is missing an update to courier
announced via advisory DSA 793-1.
Jakob Balle discovered a vulnerability in the handling of attachments
in sqwebmail, a web mail application provided by the courier mail
suite, which can be exploited by an attacker to conduct script
insertion attacks.
For the old stable distribution (woody) this problem has been fixed in
version 0.37.3-2.6.";
if(description)
{
script_id(55204);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)");
script_bugtraq_id(14650);
script_cve_id("CVE-2005-2724");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("Debian Security Advisory DSA 793-1 (courier)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"courier-doc", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-authdaemon", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-authmysql", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-base", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-debug", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-imap", ver:"1.4.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-ldap", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-maildrop", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-mlm", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-mta", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-pcp", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-pop", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-webadmin", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"sqwebmail", ver:"0.37.3-2.6", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-doc", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-authdaemon", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-authmysql", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-authpostgresql", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-base", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-faxmail", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-imap", ver:"3.0.8-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-imap-ssl", ver:"3.0.8-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-ldap", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-maildrop", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-mlm", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-mta", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-mta-ssl", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-pcp", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-pop", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-pop-ssl", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-ssl", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"courier-webadmin", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"sqwebmail", ver:"0.47-4sarge2", rls:"DEB3.1")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Related
debian
debian
[SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting
2005-09-01 00:00:00
[SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting
2005-09-01 10:31:57
cve
cve
CVE-2005-2724
2005-08-30 11:45:00
debiancve
debiancve
CVE-2005-2724
2005-08-30 11:45:00
ubuntucve
ubuntucve
CVE-2005-2724
2005-08-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-793-1)
2008-01-17 00:00:00
ubuntu
ubuntu
SqWebmail vulnerabilities
2005-10-12 00:00:00
nessus
nessus
Ubuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)
2006-01-15 00:00:00
Debian DSA-793-1 : courier - missing input sanitising
2005-09-06 00:00:00