RedHatRHSA-2006:0283(RHSA-2006:0283) squirrelmail security update
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
83.6%
SquirrelMail is a standards-based webmail package written in PHP4.
A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it is
possible to present the user with arbitrary HTML data. (CVE-2006-0188)
A bug was found in the way SquirrelMail filters incoming HTML email. It is
possible to cause a victim’s web browser to request remote content by
opening a HTML email while running a web browser that processes certain
types of invalid style sheets. Only Internet Explorer is known to process
such malformed style sheets. (CVE-2006-0195)
A bug was found in the way SquirrelMail processes a request to select an
IMAP mailbox. If a user can be tricked into opening a carefully crafted
URL, it is possible to execute arbitrary IMAP commands as the user viewing
their mail with SquirrelMail. (CVE-2006-0377)
Users of SquirrelMail are advised to upgrade to this updated package, which
contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 4 | src | squirrelmail | < 1.4.6-5.el4 | squirrelmail-1.4.6-5.el4.src.rpm |
| RedHat | 4 | noarch | squirrelmail | < 1.4.6-5.el4 | squirrelmail-1.4.6-5.el4.noarch.rpm |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
83.6%