Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title squirrelmail security update
Name DSA-4168 First vendor Publication 2018-04-08
Vendor Debian Last vendor Modification 2018-04-08
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.

For the oldstable distribution (jessie), this problem has been fixed in version 2:1.4.23~svn20120406-2+deb8u2.

We recommend that you upgrade your squirrelmail packages.

For the detailed security status of squirrelmail please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squirrelmail

Original Source

Url : http://www.debian.org/security/2018/dsa-4168

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 1
Os 2

Nessus® Vulnerability Scanner

Date Description
2018-04-17 Name : The remote Debian host is missing a security update.
File : debian_DLA-1344.nasl - Type : ACT_GATHER_INFO
2018-04-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4168.nasl - Type : ACT_GATHER_INFO
2018-03-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_928d5c592a5a11e8a7120025908740c2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-04-16 00:21:08
  • Multiple Updates
2018-04-08 13:19:00
  • First insertion