Executive Summary

Summary
Title squirrelmail security update
Informations
Name RHSA-2006:0283 First vendor Publication 2006-05-03
Vendor RedHat Last vendor Modification 2006-05-03
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch Red Hat Desktop version 3 - noarch Red Hat Enterprise Linux ES version 3 - noarch Red Hat Enterprise Linux WS version 3 - noarch Red Hat Enterprise Linux AS version 4 - noarch Red Hat Enterprise Linux Desktop version 4 - noarch Red Hat Enterprise Linux ES version 4 - noarch Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188)

A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim's web browser to request remote content by opening a HTML email while running a web browser that processes certain types of invalid style sheets. Only Internet Explorer is known to process such malformed style sheets. (CVE-2006-0195)

A bug was found in the way SquirrelMail processes a request to select an IMAP mailbox. If a user can be tricked into opening a carefully crafted URL, it is possible to execute arbitrary IMAP commands as the user viewing their mail with SquirrelMail. (CVE-2006-0377)

Users of SquirrelMail are advised to upgrade to this updated package, which contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

182579 - CVE-2006-0188 Possible XSS through right_frame parameter in webmail.php 182581 - CVE-2006-0195 Possible XSS in MagicHTML (IE only) 182584 - CVE-2006-0377 IMAP injection in sqimap_mailbox_select mailbox parameter

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2006-0283.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10419
 
Oval ID: oval:org.mitre.oval:def:10419
Title: webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
Description: webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0188
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11470
 
Oval ID: oval:org.mitre.oval:def:11470
Title: CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
Description: CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
Family: unix Class: vulnerability
Reference(s): CVE-2006-0377
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9548
 
Oval ID: oval:org.mitre.oval:def:9548
Title: Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
Description: Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0195
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 12

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200603-09 (squirrelmail)
File : nvt/glsa_200603_09.nasl
2008-09-04 Name : FreeBSD Ports: squirrelmail
File : nvt/freebsd_squirrelmail2.nasl
2008-01-17 Name : Debian Security Advisory DSA 988-1 (squirrelmail)
File : nvt/deb_988_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
23878 SquirrelMail compose.php Subject Field Arbitrary SMTP Command Injection
23386 SquirrelMail sqimap_mailbox_select mailbox Parameter Arbitrary IMAP Command I...
23385 SquirrelMail MagicHTML Style Sheet Comment Filter Bypass
23384 SquirrelMail webmail.php right_frame Parameter XSS

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-988.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0283.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_af9018b6a4f511dabb410011433a9404.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0283.nasl - Type : ACT_GATHER_INFO
2006-03-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200603-09.nasl - Type : ACT_GATHER_INFO
2006-03-06 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-133.nasl - Type : ACT_GATHER_INFO
2006-02-22 Name : The remote webmail application is affected by multiple issues.
File : squirrelmail_146.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:49:59
  • Multiple Updates