Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 662-1 (squirrelmail)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to squirrelmail announced via advisory DSA 662-1.

Insight

Insight

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0104 Upstream developers noticed that an unsanitised variable could lead to cross site scripting. CVE-2005-0152 Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail. For the stable distribution (woody) these problems have been fixed in version 1.2.6-2. For the unstable distribution (sid) the problem that affects unstable has been fixed in version 1.4.4-1. We recommend that you upgrade your squirrelmail package.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20662-1

Common Vulnerabilities and Exposures (CVE)