Vulnerability Bulletins

int(945)

Vulnerability Bulletins

Cross site scripting en SqWebMail
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Avanzado
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	SqWebMail <=4.0.4
Description
Se ha descubierto una vulnerabilidad de cross site scripting en la versión 4.0.4 y anteriores de SqWebMail, una aplicación de Webmail proporcionada por Courier Mail Server. La vulnerabilidad reside en un error de validación de entrada en la función "print_header_uc()" a la hora de mostrar las cabeceras de un mensaje. La explotación de esta vulnerabilidad podría permitir a un atacante remoto la ejecución de código remoto en los sistemas de los usuarios de SqWebMail mediante el envío de un email especialmente diseñado.
Solution
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software SqWebMail SqWebMail 4.0.5 http://www.courier-mta.org/download.php#sqwebmail Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.dsc http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.diff.gz http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz Componentes independientes de arquitectura http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.5_all.deb ARM http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_arm.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_i386.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_ia64.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_ia64.deb HP Precision http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_hppa.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_m68k.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mips.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mipsel.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_powerpc.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_s390.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_sparc.deb http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_sparc.deb
Standar resources
Property	Value
CVE	CAN-2004-0591
BID	10588
Other resources
Debian Security Advisory DSA 533-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00136.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-07-23

Vulnerability Bulletins

Cross site scripting en SqWebMail

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history