Debian Security Advisory DSA 988-1 (squirrelmail)
Summary
The remote host is missing an update to squirrelmail announced via advisory DSA 988-1.

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0188: Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.

CVE-2006-0195: Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) /* and */ comments, or (2) slashes inside the url keyword, which is processed by some web browsers including Internet Explorer.

CVE-2006-0377: Vicente Aguilera of Internet Security Auditors, S.L. discovered a CRLF injection vulnerability, which allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka IMAP injection. There's no known way to exploit this yet.

For the old stable distribution (woody) these problems have been fixed in version 1.2.6-5.
Solution
For the stable distribution (sarge) these problems have been fixed in version 2:1.4.4-8.

For the unstable distribution (sid) these problems have been fixed in version 2:1.4.6-1.

We recommend that you upgrade your squirrelmail package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20988-1