Vulnerability Bulletins |
Cross Site Scripting in Squirrelmail |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Advanced |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Squirrelmail |
Description |
|
A cross-site scripting vulnerability has been discovered in Squirrelmail, a webmail system. The vulnerability lies in the lack of input validation for certain variables. Exploitation of the vulnerability could allow a remote attacker to execute code through the Squirrelmail application. |
|
Solution |
|
Software update

Debian Linux
  Debian Linux 3.0
    Source
      http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.dsc
      http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.diff.gz
      http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
    Architecture independent
      http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3_all.deb

Red Hat Linux
  Red Hat Desktop (v. 3)
    SRPMS
      squirrelmail-1.4.3a-9.EL3.src.rpm
    IA-32
      squirrelmail-1.4.3a-9.EL3.noarch.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 3)
    SRPMS
      squirrelmail-1.4.3a-9.EL3.src.rpm
    IA-32
      squirrelmail-1.4.3a-9.EL3.noarch.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 3)
    SRPMS
      squirrelmail-1.4.3a-9.EL3.src.rpm
    IA-32
      squirrelmail-1.4.3a-9.EL3.noarch.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 3)
    SRPMS
      squirrelmail-1.4.3a-9.EL3.src.rpm
    IA-32
      squirrelmail-1.4.3a-9.EL3.noarch.rpm
    https://rhn.redhat.com/

Red Hat Linux
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)
    https://rhn.redhat.com/

SUSE Linux
  Update via YaST Online Update |
|
Standard resources |
|
Property | Value |
CVE | CAN-2005-0104 |
BID | |
Other resources |
|
Debian Security Advisory DSA 662-1
  http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00040.html
Debian Security Advisory DSA 662-2
  http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00072.html
Red Hat Security Advisory RHSA-2005:135-04
  https://rhn.redhat.com/errata/RHSA-2005-135.html
Red Hat Security Advisory RHSA-2005:099-06
  https://rhn.redhat.com/errata/RHSA-2005-099.html
SUSE Security Summary Report SUSE-SR:2005:014
  http://www.novell.com/linux/security/advisories/2005_14_sr.html |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2005-02-02 |
1.1 | Advisory issued by Red Hat (RHSA-2005:135-04) | 2005-02-11 |
1.2 | Advisory issued by Red Hat (RHSA-2005:099-06) | 2005-02-16 |
1.3 | Advisory updated by Debian (DSA 662-2) | 2005-03-15 |
1.4 | Advisory issued by SUSE (SUSE-SR:2005:014) | 2005-06-08 |