Test Kennung:	1.3.6.1.4.1.25623.1.0.123994
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2012-0103)
Zusammenfassung:	The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory. Vulnerability Insight: [1.4.8-5.0.1.el5_7.13] - Remove Redhat splash screen images [1.4.8-5.13] - fix typo in CVE-20210-4555 patch [1.4.8-5.12] - patch for CVE-2010-2813 was not complete [1.4.8-5.11] - fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in Mail Fetch plugin - fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password - fix: CVE-2010-4554 : Prone to clickjacking attacks - fix: CVE-2010-4555 : Multiple XSS flaws [tag handling] - fix: CVE-2011-2752 : CRLF injection vulnerability - fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index Order page Affected Software/OS: 'squirrelmail' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1637 40291 http://www.securityfocus.com/bid/40291 40307 http://secunia.com/advisories/40307 http://www.securityfocus.com/bid/40307 ADV-2010-1535 http://www.vupen.com/english/advisories/2010/1535 ADV-2010-1536 http://www.vupen.com/english/advisories/2010/1536 ADV-2010-1554 http://www.vupen.com/english/advisories/2010/1554 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html FEDORA-2010-10244 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html FEDORA-2010-10259 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html FEDORA-2010-10264 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html MDVSA-2010:120 http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html [oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/05/25/3 http://www.openwall.com/lists/oss-security/2010/05/25/9 [oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/06/21/1 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://squirrelmail.org/security/issue/2010-06-21 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 http://support.apple.com/kb/HT5130 Common Vulnerability Exposure (CVE) ID: CVE-2010-2813 BugTraq ID: 42399 http://www.securityfocus.com/bid/42399 Debian Security Information: DSA-2091 (Google Search) http://www.debian.org/security/2010/dsa-2091 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html RedHat Security Advisories: RHSA-2012:0103 http://secunia.com/advisories/40964 http://secunia.com/advisories/40971 http://www.vupen.com/english/advisories/2010/2070 http://www.vupen.com/english/advisories/2010/2080 XForce ISS Database: squirrelmail-imap-dos(61124) https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 Common Vulnerability Exposure (CVE) ID: CVE-2010-4554 Debian Security Information: DSA-2291 (Google Search) http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 XForce ISS Database: squirrelmail-http-clickjacking(68512) https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 Common Vulnerability Exposure (CVE) ID: CVE-2010-4555 XForce ISS Database: squirrelmail-dropdown-xss(68510) https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 XForce ISS Database: squirrelmail-spellchecking-xss(68511) https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 Common Vulnerability Exposure (CVE) ID: CVE-2011-2023 http://securitytracker.com/id?1025766 Common Vulnerability Exposure (CVE) ID: CVE-2011-2752 XForce ISS Database: squirrelmail-newline-crlf-injection(68587) https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 Common Vulnerability Exposure (CVE) ID: CVE-2011-2753 XForce ISS Database: squirrelmail-authentication-csrf(68586) https://exchange.xforce.ibmcloud.com/vulnerabilities/68586
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.