ID RHSA-2005:099 Type redhat Reporter RedHat Modified 2017-09-08T12:18:45
Description
SquirrelMail is a standards-based webmail package written in PHP4.
Jimmy Conner discovered a missing variable initialization in Squirrelmail.
This flaw could allow potential insecure file inclusions on servers where
the PHP setting "register_globals" is set to "On". This is not a default or
recommended setting. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.
A URL sanitisation bug was found in Squirrelmail. This flaw could allow a
cross site scripting attack when loading the URL for the sidebar. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0103 to this issue.
A missing variable initialization bug was found in Squirrelmail. This flaw
could allow a cross site scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to
this issue.
Users of Squirrelmail are advised to upgrade to this updated package,
which contains backported patches to correct these issues.
{"id": "RHSA-2005:099", "hash": "390afb64f7e3b3bc56fc85ad5a104fd5", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2017-09-08T12:18:45", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0075", "CVE-2005-0103", "CVE-2005-0104"], "lastseen": "2019-08-13T18:46:49", "history": [{"bulletin": {"id": "RHSA-2005:099", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2015-04-24T14:19:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0104", "CVE-2005-0103", "CVE-2005-0075"], "lastseen": "2016-09-04T11:18:01", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.4.3a-9.EL4", "packageName": "squirrelmail", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "noarch"}, {"packageVersion": "1.4.3a-9.EL4", "packageName": "squirrelmail", "packageFilename": "squirrelmail-1.4.3a-9.EL4.src.rpm", "operator": "lt", "OSVersion": "any", "OS": "RedHat", "arch": "src"}]}, "lastseen": "2016-09-04T11:18:01", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2005:099", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2017-07-28T09:33:14", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0075", "CVE-2005-0103", "CVE-2005-0104"], "lastseen": "2017-07-30T14:58:13", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.4.3a-9.EL4", "packageName": "squirrelmail", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "arch": "noarch", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-07-30T14:58:13", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2005:099", "hash": "dfb2e3393d8c779d3315ac0ddf6cb32e", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2017-09-08T12:18:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0075", "CVE-2005-0103", "CVE-2005-0104"], "lastseen": "2017-09-09T07:20:14", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.4.3a-9.EL4", "packageName": "squirrelmail", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "arch": "noarch", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "1.4.3a-9.EL4", "packageName": "squirrelmail", "packageFilename": "squirrelmail-1.4.3a-9.EL4.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:14", "differentElements": ["affectedPackage"], "edition": 3}, {"bulletin": {"id": "RHSA-2005:099", "hash": "1bf8097b6282396ce2a3f7841470ee27", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2017-09-08T12:18:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0075", "CVE-2005-0103", "CVE-2005-0104"], "lastseen": "2018-12-11T17:41:19", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0103", "CVE-2005-0104", "CVE-2005-0075"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-099.NASL", "SQUIRRELMAIL_144.NASL", "REDHAT-RHSA-2005-135.NASL", "GENTOO_GLSA-200501-39.NASL", "FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL", "DEBIAN_DSA-662.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231016228", "OPENVAS:54825", "OPENVAS:52996", "OPENVAS:53523", "OPENVAS:53494"]}, {"type": "gentoo", "idList": ["GLSA-200501-39"]}, {"type": "redhat", "idList": ["RHSA-2005:135"]}, {"type": "freebsd", "idList": ["79630C0C-8DCC-45D0-9908-4087FE1D618C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7711"]}, {"type": "osvdb", "idList": ["OSVDB:13146", "OSVDB:13145", "OSVDB:13147"]}, {"type": "debian", "idList": ["DEBIAN:DSA-662-2:ABDC1", "DEBIAN:DSA-662-1:48E98"]}], "modified": "2018-12-11T17:41:19"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "noarch", "packageName": "squirrelmail", "packageVersion": "1.4.3a-9.EL4", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:41:19", "differentElements": ["cvss"], "edition": 4}, {"bulletin": {"id": "RHSA-2005:099", "hash": "8489764f2b344e0be02ae182510b87ae", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:099) squirrelmail security update", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "published": "2005-02-15T05:00:00", "modified": "2017-09-08T12:18:45", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2005:099", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2005-0075", "CVE-2005-0103", "CVE-2005-0104"], "lastseen": "2019-05-29T14:34:04", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2019-05-29T14:34:04"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0104", "CVE-2005-0103", "CVE-2005-0075"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200501-39.NASL", "REDHAT-RHSA-2005-135.NASL", "REDHAT-RHSA-2005-099.NASL", "SQUIRRELMAIL_144.NASL", "FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL", "DEBIAN_DSA-662.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54825", "OPENVAS:136141256231016228", "OPENVAS:52996", "OPENVAS:53523", "OPENVAS:53494"]}, {"type": "redhat", "idList": ["RHSA-2005:135"]}, {"type": "gentoo", "idList": ["GLSA-200501-39"]}, {"type": "freebsd", "idList": ["79630C0C-8DCC-45D0-9908-4087FE1D618C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7711"]}, {"type": "osvdb", "idList": ["OSVDB:13146", "OSVDB:13145", "OSVDB:13147"]}, {"type": "debian", "idList": ["DEBIAN:DSA-662-2:ABDC1", "DEBIAN:DSA-662-1:48E98"]}], "modified": "2019-05-29T14:34:04"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "noarch", "packageName": "squirrelmail", "packageVersion": "1.4.3a-9.EL4", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:34:04", "differentElements": ["affectedPackage"], "edition": 5}], "viewCount": 0, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2019-08-13T18:46:49"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0104", "CVE-2005-0103", "CVE-2005-0075"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200501-39.NASL", "REDHAT-RHSA-2005-135.NASL", "REDHAT-RHSA-2005-099.NASL", "SQUIRRELMAIL_144.NASL", "FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL", "DEBIAN_DSA-662.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54825", "OPENVAS:136141256231016228", "OPENVAS:52996", "OPENVAS:53523", "OPENVAS:53494"]}, {"type": "redhat", "idList": ["RHSA-2005:135"]}, {"type": "gentoo", "idList": ["GLSA-200501-39"]}, {"type": "freebsd", "idList": ["79630C0C-8DCC-45D0-9908-4087FE1D618C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7711"]}, {"type": "osvdb", "idList": ["OSVDB:13146", "OSVDB:13145", "OSVDB:13147"]}, {"type": "debian", "idList": ["DEBIAN:DSA-662-1:48E98", "DEBIAN:DSA-662-2:ABDC1"]}], "modified": "2019-08-13T18:46:49"}, "vulnersScore": 5.8}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "src", "packageName": "squirrelmail", "packageVersion": "1.4.3a-9.EL4", "packageFilename": "squirrelmail-1.4.3a-9.EL4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "noarch", "packageName": "squirrelmail", "packageVersion": "1.4.3a-9.EL4", "packageFilename": "squirrelmail-1.4.3a-9.EL4.noarch.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0104", "published": "2005-01-29T05:00:00", "title": "CVE-2005-0104", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0103", "published": "2005-01-24T05:00:00", "title": "CVE-2005-0103", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:12", "bulletinFamily": "NVD", "description": "prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.", "modified": "2017-10-11T01:29:00", "id": "CVE-2005-0075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0075", "published": "2005-01-29T05:00:00", "title": "CVE-2005-0075", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:08:22", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200501-39 (SquirrelMail: Multiple vulnerabilities)\n\n SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS.\n Insufficient checking of incoming URLs in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103).\n Insufficient escaping of integers in webmail.php (CAN-2005-0104).\n Impact :\n\n By sending a specially crafted URL, an attacker can execute arbitrary code from the local system with the permissions of the web server. Furthermore by enticing a user to load a specially crafted URL, it is possible to display arbitrary remote web pages in Squirrelmail's frameset and execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc.\n Workaround :\n\n The arbitrary code execution is only possible with 'register_globals' set to 'On'. Gentoo ships PHP with 'register_globals' set to 'Off' by default. There are no known workarounds for the other issues at this time.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200501-39.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16430", "published": "2005-02-14T00:00:00", "title": "GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200501-39.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16430);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_xref(name:\"GLSA\", value:\"200501-39\");\n\n script_name(english:\"GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200501-39\n(SquirrelMail: Multiple vulnerabilities)\n\n SquirrelMail fails to properly sanitize certain strings when\n decoding specially crafted strings, which can lead to PHP file\n inclusion and XSS.\n Insufficient checking of incoming URLs\n in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103).\n Insufficient escaping of integers in webmail.php\n (CAN-2005-0104).\n \nImpact :\n\n By sending a specially crafted URL, an attacker can execute\n arbitrary code from the local system with the permissions of the web\n server. Furthermore by enticing a user to load a specially crafted URL,\n it is possible to display arbitrary remote web pages in Squirrelmail's\n frameset and execute arbitrary scripts running in the context of the\n victim's browser. This could lead to a compromise of the user's webmail\n account, cookie theft, etc.\n \nWorkaround :\n\n The arbitrary code execution is only possible with\n 'register_globals' set to 'On'. Gentoo ships PHP with\n 'register_globals' set to 'Off' by default. There are no known\n workarounds for the other issues at this time.\"\n );\n # http://sourceforge.net/mailarchive/message.php?msg_id=10628451\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/linux-usb/mailman/message/10628451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200501-39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All SquirrelMail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.4'\n Note: Users with the vhosts USE flag set should manually use\n webapp-config to finalize the update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/squirrelmail\", unaffected:make_list(\"ge 1.4.4\"), vulnerable:make_list(\"le 1.4.3a-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SquirrelMail\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:22", "bulletinFamily": "scanner", "description": "An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting 'register_globals' is set to 'On'.\nThis is not a default or recommended setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a cross site scripting attack when loading the URL for the sidebar. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw could allow a cross site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0104 to this issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2005-135.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16370", "published": "2005-02-10T00:00:00", "title": "RHEL 3 : squirrelmail (RHSA-2005:135)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:135. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16370);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_xref(name:\"RHSA\", value:\"2005:135\");\n\n script_name(english:\"RHEL 3 : squirrelmail (RHSA-2005:135)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Squirrelmail package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in\nSquirrelmail. This flaw could allow potential insecure file inclusions\non servers where the PHP setting 'register_globals' is set to 'On'.\nThis is not a default or recommended setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could\nallow a cross site scripting attack when loading the URL for the\nsidebar. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This\nflaw could allow a cross site scripting attack. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0104 to this issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-14\"\n );\n # http://www.php.net/register_globals\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://us1.php.net/manual/en/ini.core.php#ini.register-globals\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:135\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"squirrelmail-1.4.3a-9.EL3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:25", "bulletinFamily": "scanner", "description": "An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting 'register_globals' is set to 'On'.\nThis is not a default or recommended setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a cross site scripting attack when loading the URL for the sidebar. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw could allow a cross site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0104 to this issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2005-099.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17185", "published": "2005-02-22T00:00:00", "title": "RHEL 4 : squirrelmail (RHSA-2005:099)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:099. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17185);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_xref(name:\"RHSA\", value:\"2005:099\");\n\n script_name(english:\"RHEL 4 : squirrelmail (RHSA-2005:099)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Squirrelmail package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in\nSquirrelmail. This flaw could allow potential insecure file inclusions\non servers where the PHP setting 'register_globals' is set to 'On'.\nThis is not a default or recommended setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could\nallow a cross site scripting attack when loading the URL for the\nsidebar. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This\nflaw could allow a cross site scripting attack. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0104 to this issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-14\"\n );\n # http://www.php.net/register_globals\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://us1.php.net/manual/en/ini.core.php#ini.register-globals\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:099\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squirrelmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:099\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"squirrelmail-1.4.3a-9.EL4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squirrelmail\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:20", "bulletinFamily": "scanner", "description": "The target is running at least one instance of SquirrelMail whose version number suggests it is affected by one or more cross-site scripting vulnerabilities :\n\n- Insufficient escaping of integer variables in webmail.php allows a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1). \n\n- Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1). \n\n- A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1). \n***** Nessus has determined the vulnerability exists on the target\n***** simply by looking at the version number of Squirrelmail \n***** installed there.", "modified": "2018-07-30T00:00:00", "id": "SQUIRRELMAIL_144.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16228", "published": "2005-01-24T00:00:00", "title": "SquirrelMail < 1.4.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# This script was written by George A. Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n# Changes by Tenable\n# - Updated to use compat.inc (11/20/2009)\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(16228);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_bugtraq_id(12337);\n \n script_name(english:\"SquirrelMail < 1.4.4 Multiple Vulnerabilities\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a PHP script that is affected by multiple\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The target is running at least one instance of SquirrelMail whose\nversion number suggests it is affected by one or more cross-site\nscripting vulnerabilities :\n\n- Insufficient escaping of integer variables in webmail.php allows a\nremote attacker to include HTML / script into a SquirrelMail webpage\n(affects 1.4.0-RC1 - 1.4.4-RC1). \n\n- Insufficient checking of incoming URL vars in webmail.php allows an\nattacker to include arbitrary remote web pages in the SquirrelMail\nframeset (affects 1.4.0-RC1 - 1.4.4-RC1). \n\n- A recent change in prefs.php allows an attacker to provide a\nspecially crafted URL that could include local code into the\nSquirrelMail code if and only if PHP's register_globals setting is\nenabled (affects 1.4.3-RC1 - 1.4.4-RC1). \n \n***** Nessus has determined the vulnerability exists on the target\n***** simply by looking at the version number of Squirrelmail \n***** installed there.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SquirrelMail 1.4.4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/01/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/01/14\");\n script_cvs_date(\"Date: 2018/07/30 15:31:31\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:squirrelmail:squirrelmail\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for Three XSS Vulnerabilities in SquirrelMail < 1.4.4\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 George A. Theall\");\n\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"global_settings.nasl\", \"squirrelmail_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/squirrelmail\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\nif (!get_port_state(port)) exit(0);\ndebug_print(\"searching for 3 XSS vulnerabilities in SquirrelMail < 1.4.3 on port \", port, \".\");\n\n\n# Check each installed instance, stopping if we find a vulnerability.\ninstalls = get_kb_list(string(\"www/\", port, \"/squirrelmail\"));\nif (isnull(installs)) exit(0);\nforeach install (installs) {\n matches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\n if (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n debug_print(\"checking version \", ver, \" under \", dir, \".\");\n\n if (ereg(pattern:\"^1\\.4\\.([0-3](-RC.*)?|4-RC1)$\", string:ver)) {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:39", "bulletinFamily": "scanner", "description": "A SquirrelMail Security Advisory reports :\n\nSquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by the Common Vulnerabilities and Exposures.\nCross Site Scripting Issues A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On. This issue was uncovered internally by the SquirrelMail Development team. This isssue was assigned CAN-2005-0104 by the Common Vulnerabilities and Exposures.\n\nA second issue which was resolved in the 1.4.4-rc1 release was uncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. This issue could allow a remote user to send a specially crafted header and cause execution of script (such as JavaScript) in the client browser. Local File Inclusion A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_79630C0C8DCC45D099084087FE1D618C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18992", "published": "2005-07-13T00:00:00", "title": "FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18992);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2004-1036\", \"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n\n script_name(english:\"FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A SquirrelMail Security Advisory reports :\n\nSquirrelMail 1.4.4 has been released to resolve a number of security\nissues disclosed below. It is strongly recommended that all running\nSquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File\nInclusion Manoel Zaninetti reported an issue in src/webmail.php which\nwould allow a crafted URL to include a remote web page. This was\nassigned CAN-2005-0103 by the Common Vulnerabilities and Exposures.\nCross Site Scripting Issues A possible cross site scripting issue\nexists in src/webmail.php that is only accessible when the PHP\ninstallation is running with register_globals set to On. This issue\nwas uncovered internally by the SquirrelMail Development team. This\nisssue was assigned CAN-2005-0104 by the Common Vulnerabilities and\nExposures.\n\nA second issue which was resolved in the 1.4.4-rc1 release was\nuncovered and assigned CAN-2004-1036 by the Common Vulnerabilities and\nExposures. This issue could allow a remote user to send a specially\ncrafted header and cause execution of script (such as JavaScript) in\nthe client browser. Local File Inclusion A possible local file\ninclusion issue was uncovered by one of our developers involving\ncustom preference handlers. This issue is only active if the PHP\ninstallation is running with register_globals set to On.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110702772714662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.squirrelmail.org/security/issue/2005-01-20\"\n );\n # https://vuxml.freebsd.org/freebsd/79630c0c-8dcc-45d0-9908-4087fe1d618c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40a1fb6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"squirrelmail<1.4.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-squirrelmail<1.4.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:21", "bulletinFamily": "scanner", "description": "Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout. For completeness below is the original advisory text :\n\n Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CAN-2005-0104 Upstream developers noticed that an unsanitised variable could lead to cross site scripting.\n\n - CAN-2005-0152\n\n Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-662.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16283", "published": "2005-02-02T00:00:00", "title": "Debian DSA-662-2 : squirrelmail - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-662. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16283);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-0104\", \"CVE-2005-0152\");\n script_xref(name:\"DSA\", value:\"662\");\n\n script_name(english:\"Debian DSA-662-2 : squirrelmail - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrew Archibald discovered that the last update to squirrelmail which\nwas intended to fix several problems caused a regression which got\nexposed when the user hits a session timeout. For completeness below\nis the original advisory text :\n\n Several vulnerabilities have been discovered in Squirrelmail, a\n commonly used webmail system. The Common Vulnerabilities and\n Exposures project identifies the following problems :\n\n - CAN-2005-0104\n Upstream developers noticed that an unsanitised\n variable could lead to cross site scripting.\n\n - CAN-2005-0152\n\n Grant Hollingworth discovered that under certain\n circumstances URL manipulation could lead to the\n execution of arbitrary code with the privileges of\n www-data. This problem only exists in version 1.2.6 of\n Squirrelmail.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the squirrelmail package.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squirrelmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"squirrelmail\", reference:\"1.2.6-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200501-39.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54825", "id": "OPENVAS:54825", "title": "Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail fails to properly sanitize user input, which could lead to\narbitrary code execution and compromise webmail accounts.\";\ntag_solution = \"All SquirrelMail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.4'\n\nNote: Users with the vhosts USE flag set should manually use webapp-config\nto finalize the update.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-39\nhttp://bugs.gentoo.org/show_bug.cgi?id=78116\nhttp://sourceforge.net/mailarchive/message.php?msg_id=10628451\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200501-39.\";\n\n \n\nif(description)\n{\n script_id(54825);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"mail-client/squirrelmail\", unaffected: make_list(\"ge 1.4.4\"), vulnerable: make_list(\"le 1.4.3a-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:31:57", "bulletinFamily": "scanner", "description": "The target is running at least one instance of SquirrelMail whose\n version number suggests it is vulnerable to one or more cross-site\n scripting vulnerabilities :\n\n - Insufficient escaping of integer variables in webmail.php allows a\n remote attacker to include HTML / script into a SquirrelMail webpage\n (affects 1.4.0-RC1 - 1.4.4-RC1).\n\n - Insufficient checking of incoming URL vars in webmail.php allows an\n attacker to include arbitrary remote web pages in the SquirrelMail\n frameset (affects 1.4.0-RC1 - 1.4.4-RC1).\n\n - A recent change in prefs.php allows an attacker to provide a\n specially crafted URL that could include local code into the\n SquirrelMail code if and only if PHP", "modified": "2019-03-04T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231016228", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231016228", "title": "SquirrelMail < 1.4.4 XSS Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: squirrelmail_144.nasl 13975 2019-03-04 09:32:08Z cfischer $\n#\n# SquirrelMail < 1.4.4 XSS Vulnerabilities\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>\n#\n# Copyright:\n# Copyright (C) 2005 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:squirrelmail:squirrelmail';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.16228\");\n script_version(\"$Revision: 13975 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-04 10:32:08 +0100 (Mon, 04 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(12337);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_name(\"SquirrelMail < 1.4.4 XSS Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2005 George A. Theall\");\n script_family(\"Web application abuses\");\n script_dependencies(\"squirrelmail_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"squirrelmail/installed\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SquirrelMail 1.4.4 or later.\");\n\n script_tag(name:\"summary\", value:\"The target is running at least one instance of SquirrelMail whose\n version number suggests it is vulnerable to one or more cross-site\n scripting vulnerabilities :\n\n - Insufficient escaping of integer variables in webmail.php allows a\n remote attacker to include HTML / script into a SquirrelMail webpage\n (affects 1.4.0-RC1 - 1.4.4-RC1).\n\n - Insufficient checking of incoming URL vars in webmail.php allows an\n attacker to include arbitrary remote web pages in the SquirrelMail\n frameset (affects 1.4.0-RC1 - 1.4.4-RC1).\n\n - A recent change in prefs.php allows an attacker to provide a\n specially crafted URL that could include local code into the\n SquirrelMail code if and only if PHP's register_globals setting is\n enabled (affects 1.4.3-RC1 - 1.4.4-RC1).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"1.4.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.4.4\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52996", "id": "OPENVAS:52996", "title": "FreeBSD Ports: squirrelmail, ja-squirrelmail", "type": "openvas", "sourceData": "#\n#VID 79630c0c-8dcc-45d0-9908-4087fe1d618c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n squirrelmail\n ja-squirrelmail\n\nCVE-2004-1036\nCross-site scripting (XSS) vulnerability in the decoding of encoded\ntext in certain headers in mime.php for SquirrelMail 1.4.3a and\nearlier, and 1.5.1-cvs before 23rd October 2004, allows remote\nattackers to execute arbitrary web script or HTML.\n\nCVE-2005-0075\nprefs.php in SquirrelMail before 1.4.4, with register_globals enabled,\nallows remote attackers to inject local code into the SquirrelMail\ncode via custom preference handlers.\n\nCVE-2005-0103\nPHP remote code injection vulnerability in webmail.php in SquirrelMail\nbefore 1.4.4 allows remote attackers to execute arbitrary PHP code by\nmodifying a URL parameter to reference a URL on a remote web server\nthat contains the code.\n\nCVE-2005-0104\nCross-site scripting (XSS) vulnerability in webmail.php in\nSquirrelMail before 1.4.4 allows remote attackers to inject arbitrary\nweb script or HTML via certain integer variables.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.squirrelmail.org/security/issue/2005-01-14\nhttp://www.squirrelmail.org/security/issue/2005-01-19\nhttp://www.squirrelmail.org/security/issue/2005-01-20\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662\nhttp://www.vuxml.org/freebsd/79630c0c-8dcc-45d0-9908-4087fe1d618c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52996);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-1036\", \"CVE-2005-0075\", \"CVE-2005-0103\", \"CVE-2005-0104\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: squirrelmail, ja-squirrelmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"squirrelmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.4\")<0) {\n txt += 'Package squirrelmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-squirrelmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.4\")<0) {\n txt += 'Package ja-squirrelmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 662-2.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53523", "id": "OPENVAS:53523", "title": "Debian Security Advisory DSA 662-2 (squirrelmail)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_662_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 662-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrew Archibald discovered that the last update to squirrelmail which\nwas intended to fix several problems caused a regression which got\nexposed when the user hits a session timeout. For completeness below\nis the original advisory text:\n\nSeveral vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2005-0104\n\nUpstream developers noticed that an unsanitised variable could\nlead to cross site scripting.\n\nCVE-2005-0152\n\nGrant Hollingworth discovered that under certain circumstances URL\nmanipulation could lead to the execution of arbitrary code with\nthe privileges of www-data. This problem only exists in version\n1.2.6 of Squirrelmail.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-3.\n\nThe correction in the unstable distribution (sid) is not affected by\nthis regression.\n\nWe recommend that you upgrade your squirrelmail package.\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 662-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20662-2\";\n\nif(description)\n{\n script_id(53523);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0104\", \"CVE-2005-0152\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 662-2 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.2.6-3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 662-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53494", "id": "OPENVAS:53494", "title": "Debian Security Advisory DSA 662-1 (squirrelmail)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_662_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 662-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2005-0104\n\nUpstream developers noticed that an unsanitised variable could\nlead to cross site scripting.\n\nCVE-2005-0152\n\nGrant Hollingworth discovered that under certain circumstances URL\nmanipulation could lead to the execution of arbitrary code with\nthe privileges of www-data. This problem only exists in version\n1.2.6 of Squirrelmail.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-2.\n\nFor the unstable distribution (sid) the problem that affects unstable\nhas been fixed in version 1.4.4-1.\n\nWe recommend that you upgrade your squirrelmail package.\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 662-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20662-1\";\n\nif(description)\n{\n script_id(53494);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0104\", \"CVE-2005-0152\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 662-1 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.2.6-2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-05-29T14:34:26", "bulletinFamily": "unix", "description": "SquirrelMail is a standards-based webmail package written in PHP4.\n\nJimmy Conner discovered a missing variable initialization in Squirrelmail.\nThis flaw could allow potential insecure file inclusions on servers where\nthe PHP setting \"register_globals\" is set to \"On\". This is not a default or\nrecommended setting. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.\n\nA URL sanitisation bug was found in Squirrelmail. This flaw could allow a\ncross site scripting attack when loading the URL for the sidebar. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0103 to this issue.\n\nA missing variable initialization bug was found in Squirrelmail. This flaw\ncould allow a cross site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to\nthis issue.\n\nUsers of Squirrelmail are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "modified": "2017-07-28T09:18:22", "published": "2005-02-10T05:00:00", "id": "RHSA-2005:135", "href": "https://access.redhat.com/errata/RHSA-2005:135", "type": "redhat", "title": "(RHSA-2005:135) squirrelmail security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nSquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. \n\n### Description\n\nSquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS. \n\n * Insufficient checking of incoming URLs in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103).\n * Insufficient escaping of integers in webmail.php (CAN-2005-0104).\n\n### Impact\n\nBy sending a specially-crafted URL, an attacker can execute arbitrary code from the local system with the permissions of the web server. Furthermore by enticing a user to load a specially-crafted URL, it is possible to display arbitrary remote web pages in Squirrelmail's frameset and execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail account, cookie theft, etc. \n\n### Workaround\n\nThe arbitrary code execution is only possible with \"register_globals\" set to \"On\". Gentoo ships PHP with \"register_globals\" set to \"Off\" by default. There are no known workarounds for the other issues at this time. \n\n### Resolution\n\nAll SquirrelMail users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/squirrelmail-1.4.4\"\n\nNote: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.", "modified": "2005-01-28T00:00:00", "published": "2005-01-28T00:00:00", "id": "GLSA-200501-39", "href": "https://security.gentoo.org/glsa/200501-39", "type": "gentoo", "title": "SquirrelMail: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "description": "\nA SquirrelMail Security Advisory reports:\n\nSquirrelMail 1.4.4 has been released to resolve a number of\n\t security issues disclosed below. It is strongly recommended\n\t that all running SquirrelMail prior to 1.4.4 upgrade to the\n\t latest release.\nRemote File Inclusion\nManoel Zaninetti reported an issue in src/webmail.php which\n\t would allow a crafted URL to include a remote web page.\n\t This was assigned CAN-2005-0103 by the Common\n\t Vulnerabilities and Exposures.\nCross Site Scripting Issues\nA possible cross site scripting issue exists in\n\t src/webmail.php that is only accessible when the PHP\n\t installation is running with register_globals set to On.\n\t This issue was uncovered internally by the SquirrelMail\n\t Development team. This isssue was assigned CAN-2005-0104 by\n\t the Common Vulnerabilities and Exposures.\nA second issue which was resolved in the 1.4.4-rc1 release\n\t was uncovered and assigned CAN-2004-1036 by the Common\n\t Vulnerabilities and Exposures. This issue could allow a\n\t remote user to send a specially crafted header and cause\n\t execution of script (such as javascript) in the client\n\t browser.\nLocal File Inclusion\nA possible local file inclusion issue was uncovered by one\n\t of our developers involving custom preference handlers.\n\t This issue is only active if the PHP installation is running\n\t with register_globals set to On.\n\n", "modified": "2005-01-29T00:00:00", "published": "2005-01-29T00:00:00", "id": "79630C0C-8DCC-45D0-9908-4087FE1D618C", "href": "https://vuxml.freebsd.org/freebsd/79630c0c-8dcc-45d0-9908-4087fe1d618c.html", "title": "squirrelmail -- XSS and remote code injection vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:11", "bulletinFamily": "software", "description": "SquirrelMail Security Advisory\r\n==============================\r\n\r\nSquirrelMail 1.4.4 has been released to resolve a\r\nnumber of security\r\nissues disclosed below. It is strongly recommended\r\nthat all running\r\nSquirrelMail prior to 1.4.4 upgrade to the latest\r\nrelease.\r\n\r\nRemote File Inclusion\r\n---------------------\r\nManoel Zaninetti reported an issue in src/webmail.php\r\nwhich would allow a\r\ncrafted URL to include a remote web page. This was\r\nassigned CAN-2005-0103\r\nby the Common Vulnerabilities and Exposures.\r\n\r\nCross Site Scripting Issues\r\n---------------------------\r\nA possible cross site scripting issue exists in\r\nsrc/webmail.php that is\r\nonly accessible when the PHP installation is running\r\nwith register_globals\r\nset to On. This issue was uncovered internally by the\r\nSquirrelMail\r\nDevelopment team. This isssue was assigned\r\nCAN-2005-0104 by the Common\r\nVulnerabilities and Exposures.\r\n\r\nA second issue which was resolved in the 1.4.4-rc1\r\nrelease was uncovered\r\nand assigned CAN-2004-1036 by the Common\r\nVulnerabilities and Exposures. \r\nThis issue could allow a remote user to send a\r\nspecially crafted header\r\nand cause execution of script (such as javascript) in\r\nthe client browser.\r\n\r\nLocal File Inclusion\r\n--------------------\r\nA possible local file inclusion issue was uncovered by\r\none of our\r\ndevelopers involving custom preference handlers. This\r\nissue is only\r\nactive if the PHP installation is running with\r\nregister_globals set to On.\r\n\r\n\r\nIt is strongly suggested that all users running\r\nSquirrelMail prior to\r\n1.4.4 upgrade to the latest release. Those using a\r\ndevelopment release,\r\nshould upgrade to the latest snapshots to ensure they\r\nhave the latest\r\nupdates for these issues. A full list of changes in\r\nthis, and previous\r\nreleases can be found here\r\n(http://www.squirrelmail.org/changelog.php).\r\n\r\nFor further updates on security issues, details are\r\nposted to\r\nhttp://www.squirrelmail.org/security/. Any security\r\nissues should be\r\nemailed to security@squirrelmail.org.\r\n\r\nWe'd like to express thanks for those that have worked\r\nwith us on getting\r\nsecurity issues resolved with SquirrelMail, and hope\r\nthat people continue\r\nto do so in such fashion, it is much appreciated.\r\n\r\n-- \r\nJonathan Angliss\r\nSquirrelMail Development Team\r\n", "modified": "2005-01-30T00:00:00", "published": "2005-01-30T00:00:00", "id": "SECURITYVULNS:DOC:7711", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7711", "title": "SquirrelMail Security Advisory", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.squirrelmail.org/security/issue/2005-01-19)\nSecurity Tracker: 1012988\n[Secunia Advisory ID:13962](https://secuniaresearch.flexerasoftware.com/advisories/13962/)\n[Secunia Advisory ID:15629](https://secuniaresearch.flexerasoftware.com/advisories/15629/)\n[Secunia Advisory ID:14241](https://secuniaresearch.flexerasoftware.com/advisories/14241/)\n[Secunia Advisory ID:14033](https://secuniaresearch.flexerasoftware.com/advisories/14033/)\nRedHat RHSA: RHSA-2005:135\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-39.xml\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_14_sr.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0325.html\n[CVE-2005-0103](https://vulners.com/cve/CVE-2005-0103)\n", "modified": "2005-01-19T02:24:55", "published": "2005-01-19T02:24:55", "href": "https://vulners.com/osvdb/OSVDB:13146", "id": "OSVDB:13146", "title": "SquirrelMail Frameset Arbitrary HTML Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.squirrelmail.org/security/issue/2005-01-20)\nSecurity Tracker: 1012988\n[Secunia Advisory ID:13962](https://secuniaresearch.flexerasoftware.com/advisories/13962/)\n[Secunia Advisory ID:14096](https://secuniaresearch.flexerasoftware.com/advisories/14096/)\n[Secunia Advisory ID:15629](https://secuniaresearch.flexerasoftware.com/advisories/15629/)\n[Secunia Advisory ID:14241](https://secuniaresearch.flexerasoftware.com/advisories/14241/)\n[Secunia Advisory ID:14033](https://secuniaresearch.flexerasoftware.com/advisories/14033/)\nRedHat RHSA: RHSA-2005:135\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-39.xml\nOther Advisory URL: http://www.debian.org/security/2005/dsa-662\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_14_sr.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0325.html\n[CVE-2005-0104](https://vulners.com/cve/CVE-2005-0104)\n", "modified": "2005-01-20T06:38:45", "published": "2005-01-20T06:38:45", "id": "OSVDB:13145", "href": "https://vulners.com/osvdb/OSVDB:13145", "title": "SquirrelMail webmail.php XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.squirrelmail.org/security/issue/2005-01-14)\nSecurity Tracker: 1012988\n[Secunia Advisory ID:13962](https://secuniaresearch.flexerasoftware.com/advisories/13962/)\n[Secunia Advisory ID:14241](https://secuniaresearch.flexerasoftware.com/advisories/14241/)\n[Secunia Advisory ID:14033](https://secuniaresearch.flexerasoftware.com/advisories/14033/)\n[Secunia Advisory ID:14747](https://secuniaresearch.flexerasoftware.com/advisories/14747/)\nRedHat RHSA: RHSA-2005:135\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-39.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0325.html\n[CVE-2005-0075](https://vulners.com/cve/CVE-2005-0075)\n", "modified": "2005-01-14T02:25:27", "published": "2005-01-14T02:25:27", "id": "OSVDB:13147", "href": "https://vulners.com/osvdb/OSVDB:13147", "title": "SquirrelMail prefs.php Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 662-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 1st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squirrelmail\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0104 CAN-2005-0152\nDebian Bug : 292714\n\nSeveral vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCAN-2005-0104\n\n Upstream developers noticed that an unsanitised variable could\n lead to cross site scripting.\n\nCAN-2005-0152\n\n Grant Hollingworth discovered that under certain circumstances URL\n manipulation could lead to the execution of arbitrary code with\n the privileges of www-data. This problem only exists in version\n 1.2.6 of Squirrelmail.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-2.\n\nFor the unstable distribution (sid) the problem that affects unstable\nhas been fixed in version 1.4.4-1.\n\nWe recommend that you upgrade your squirrelmail package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.dsc\n Size/MD5 checksum: 646 4900cffd3e5d45735f65c21476efc806\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.diff.gz\n Size/MD5 checksum: 21204 4614ece547701e83d640b5740bb59d51\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz\n Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2_all.deb\n Size/MD5 checksum: 1840668 2d23a6986ab2862bb1acd160b5a2919c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-02-01T00:00:00", "published": "2005-02-01T00:00:00", "id": "DEBIAN:DSA-662-1:48E98", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00040.html", "title": "[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 662-2 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMarch 14th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squirrelmail\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0104 CAN-2005-0152\nDebian Bug : 292714 295836\n\nAndrew Archibald discovered that the last update to squirrelmail which\nwas intended to fix several problems caused a regression which got\nexposed when the user hits a session timeout. For completeness below\nis the original advisory text:\n\n Several vulnerabilities have been discovered in Squirrelmail, a\n commonly used webmail system. The Common Vulnerabilities and\n Exposures project identifies the following problems:\n\n CAN-2005-0104\n\n Upstream developers noticed that an unsanitised variable could\n lead to cross site scripting.\n\n CAN-2005-0152\n\n Grant Hollingworth discovered that under certain circumstances URL\n manipulation could lead to the execution of arbitrary code with\n the privileges of www-data. This problem only exists in version\n 1.2.6 of Squirrelmail.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-3.\n\nThe correction in the unstable distribution (sid) is not affected by\nthis regression.\n\nWe recommend that you upgrade your squirrelmail package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.dsc\n Size/MD5 checksum: 646 1de7e6666fccf9bec33415a8f087aec6\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.diff.gz\n Size/MD5 checksum: 21411 ec0e038ffe18e2035fccac02eb31ba21\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz\n Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3_all.deb\n Size/MD5 checksum: 1840798 13cfdb962ff49d27edee7ec6686a8265\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-03-14T00:00:00", "published": "2005-03-14T00:00:00", "id": "DEBIAN:DSA-662-2:ABDC1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00072.html", "title": "[SECURITY] [DSA 662-2] New squirrelmail package fixes regression", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
