9 matches found
Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user session...
CentOS Update for squirrelmail CESA-2009:0057 centos5 i386
Check for the Version of squirrelmail OpenVAS Vulnerability Test CentOS Update for squirrelmail CESA-2009:0057 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CentOS Update for squirrelmail CESA-2009:0057 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SquirrelMail软件包会话处理绕过认证漏洞
BUGTRAQ ID: 33354 CVECAN ID: CVE-2009-0030 SquirrelMail是一款PHP编写的WEBMAIL程序。 Red Hat为CVE-2008-3663所提供的修复导致SquirrelMail对所有的会话都设置了相同的SQMSESSID Cookie值,这允许通过认证的远程用户通过使用标准的webmail.php接口访问其他用户的文件夹列表和配置数据。 SquirrelMail 1.4.8 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0057-01)以及相应补丁:...
openSUSE 10 Security Update : squirrelmail (squirrelmail-5978)
This update of squirrelmail corrects a problem introduced by a patch for CVE-2008-3663 that caused cookies to be static. CVE-2009-0030 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2009-0030
CVE-2009-0030 corresponds to a session cookie handling flaw in SquirrelMail 1.4.8 patched by Red Hat/Miracle Linux advisories. The root cause was an incorrect fix for CVE-2008-3663, causing the SQMSESSID cookie value to be identical across sessions. This enables remote authenticated users to acce...
RedHat Security Advisory RHSA-2009:0057
The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering with no JavaScript required for maximu...
CentOS Security Advisory CESA-2009:0057 (squirrelmail)
The remote host is missing updates to squirrelmail announced in advisory CESA-2009:0057. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0057)
An updated squirrelmail package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package writte...