Bugtraq mailing list archives
[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities
From: Stefan Behte <craig () gentoo org>
Date: Wed, 13 Jan 2010 23:09:39 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: SquirrelMail: Multiple vulnerabilities Date: January 13, 2010 Bugs: #269567, #270671 ID: 201001-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in SquirrelMail of which the worst results in remote code execution. Background ========== SquirrelMail is a standards-based webmail package written in PHP. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/squirrelmail < 1.4.19 >= 1.4.19 Description =========== Multiple vulnerabilities were found in SquirrelMail: * Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php, PHP_SELF and the query string (aka QUERY_STRING) (CVE-2009-1578). * Niels Teusink also reported that the map_yp_alias() function in functions/imap_general.php does not filter shell metacharacters in a username and that the original patch was incomplete (CVE-2009-1381, CVE-2009-1579). * Tomas Hoger discovered an unspecified session fixation vulnerability (CVE-2009-1580). * Luc Beurton reported that functions/mime.php does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages (CVE-2009-1581). Impact ====== The vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running the web server, to hijack web sessions via a crafted cookie, to spoof the user interface and to conduct Cross-Site Scripting and phishing attacks, via a specially crafted message. Workaround ========== There is no known workaround at this time. Resolution ========== All SquirrelMail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.19" References ========== [ 1 ] CVE-2009-1381 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381 [ 2 ] CVE-2009-1578 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578 [ 3 ] CVE-2009-1579 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579 [ 4 ] CVE-2009-1580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580 [ 5 ] CVE-2009-1581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201001-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities Stefan Behte (Jan 14)