Vulnerability Bulletins |
Remote code execution in Squirrelmail |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Beginner |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Squirrelmail |
Description |
|
A vulnerability has been found in Squirrelmail. It is caused by insufficient validation of certain user-supplied data: a value taken from the plugins array is used to build a path that is passed to include() in functions/plugin.php, and that code path is reachable from a request when PHP's register_globals setting is enabled (with register_globals disabled the variable cannot be populated from the request). A remote attacker could use this to execute arbitrary PHP code or read local files. |
|
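The bug class in the description is a PHP include() whose path is assembled from client-controlled data. The following is an added illustration, not Squirrelmail's code and not the patched code shipped by any of the vendors below: a vulnerable include beside a hardened one that only loads plugins named in a server-side allow-list and verifies the resolved file lives under the plugin directory. PLUGIN_DIR, the function names, the `plugin` request parameter and the $enabled_plugins list are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example of the bug class described in the bulletin (an include() path
// built from request data). Not SquirrelMail's code; PLUGIN_DIR, the function
// names, the "plugin" parameter and $enabled_plugins are hypothetical.

const PLUGIN_DIR = __DIR__ . '/plugins';

// Vulnerable pattern: $name reaches include() unchecked. Under register_globals
// a request parameter can populate such a variable directly. Every "../" in
// $name walks out of PLUGIN_DIR, so the attacker can point the include at any
// file the web server can read (information disclosure); if that file holds
// PHP the attacker controls, for example an attachment stored on disk, it is
// executed. On old PHP builds a trailing %00 also truncated the "/setup.php"
// suffix, removing even that constraint.
function load_plugin_vulnerable(string $name): void
{
    include PLUGIN_DIR . "/$name/setup.php";
}

// Hardened: accept only a strict identifier, require it to be in the
// administrator-configured allow-list, and confirm that the resolved file
// really sits under PLUGIN_DIR (realpath follows symlinks) before including.
function load_plugin_hardened(string $name, array $enabled): bool
{
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $name) !== 1) {
        return false;   // rejects "..", "/", NUL bytes and URL schemes outright
    }
    if (!in_array($name, $enabled, true)) {
        return false;   // not a plugin the administrator turned on
    }
    $base = realpath(PLUGIN_DIR);
    $file = realpath(PLUGIN_DIR . '/' . $name . '/setup.php');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;   // missing file, or a symlink that escapes the base dir
    }
    include $file;
    return true;
}

// The allow-list must come from server-side configuration, never from the
// request. Hypothetical configuration entry:
$enabled_plugins = ['calendar', 'filters'];

// Request data only ever enters through the validated function.
$requested = (string) ($_GET['plugin'] ?? '');
load_plugin_hardened($requested, $enabled_plugins);
```

The allow-list check is what removes the dependence on register_globals: even if the interpreter lets a request overwrite $enabled_plugins, a name that does not resolve to an existing setup.php under PLUGIN_DIR is still refused, and a name that does is one the administrator installed.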
Solution |
|
Software update |
|
Mandriva Corporate Server 3.0 |
X64 |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/squirrelmail-1.4.5-1.3.C30mdk.noarch.rpm |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.3.C30mdk.noarch.rpm |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.3.C30mdk.src.rpm |
X86_64 |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/squirrelmail-1.4.5-1.3.C30mdk.noarch.rpm |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.3.C30mdk.noarch.rpm |
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.3.C30mdk.src.rpm |
|
Red Hat |
Red Hat Desktop (v. 3), Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS (v. 3), Red Hat Enterprise Linux AS (v. 4), Red Hat Enterprise Linux ES (v. 3), Red Hat Enterprise Linux ES (v. 4), Red Hat Enterprise Linux WS (v. 3), Red Hat Enterprise Linux WS (v. 4) |
https://rhn.redhat.com/ |
|
Suse Linux |
Updates can be downloaded with YaST or from the official Suse Linux FTP server. |
|
SGI |
Advanced Linux Environment 3 / RPM / Patch 10321 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS |
Advanced Linux Environment 3 / SRPM / Patch 10321 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Apple |
Mac OS 10.3.9 http://www.apple.com/support/downloads/securityupdate20070071039.html |
Mac OS Server 10.3.9 http://www.apple.com/support/downloads/securityupdate20070071039server.html |
Mac OS PPC 10.4.10 http://www.apple.com/support/downloads/securityupdate200700710410ppc.html |
Mac OS Server PPC 10.4.10 http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html |
Mac OS Universal 10.4.10 http://www.apple.com/support/downloads/securityupdate200700710410universal.html |
Mac OS Server Universal 10.4.10 http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-2842 |
BID | 18231 |
Other resources |
|
Mandriva Security Advisory (MDKSA-2006:101) http://www.mandriva.com/security/advisories?name=MDKSA-2006:101 |
Red Hat Security Advisory (RHSA-2006:0547-5) https://rhn.redhat.com/errata/RHSA-2006-0547.html |
SUSE Security Advisory (SUSE-SR:2006:017) http://www.novell.com/linux/security/advisories/2006_17_sr.html |
SGI Security Advisory (20060703-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc |
Apple Security Update (306172) http://docs.info.apple.com/article.html?artnum=306172 |
Version history |
|
Version | Comments | Date |
1.0 | Advisory issued | 2006-06-17 |
1.1 | Advisory issued by Red Hat (RHSA-2006:0547-5) | 2006-07-04 |
1.2 | Advisory issued by Suse (SUSE-SR:2006:017) | 2006-07-24 |
1.3 | Advisory issued by SGI (20060703-01-U) | 2006-08-01 |
1.4 | Advisory issued by Apple (306172) | 2007-08-02 |