Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0103)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123994

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-0103)

Resumen: The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory.

Descripción: Summary:
The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory.

Vulnerability Insight:
[1.4.8-5.0.1.el5_7.13]
- Remove Redhat splash screen images

[1.4.8-5.13]
- fix typo in CVE-20210-4555 patch

[1.4.8-5.12]
- patch for CVE-2010-2813 was not complete

[1.4.8-5.11]
- fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in
Mail Fetch plugin
- fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login
attempts with 8-bit characters in the password
- fix: CVE-2010-4554 : Prone to clickjacking attacks
- fix: CVE-2010-4555 : Multiple XSS flaws
[tag handling]
- fix: CVE-2011-2752 : CRLF injection vulnerability
- fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index Order page

Affected Software/OS:
'squirrelmail' package(s) on Oracle Linux 4, Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1637
40291
http://www.securityfocus.com/bid/40291
40307
http://secunia.com/advisories/40307
http://www.securityfocus.com/bid/40307
ADV-2010-1535
http://www.vupen.com/english/advisories/2010/1535
ADV-2010-1536
http://www.vupen.com/english/advisories/2010/1536
ADV-2010-1554
http://www.vupen.com/english/advisories/2010/1554
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
FEDORA-2010-10244
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html
FEDORA-2010-10259
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html
FEDORA-2010-10264
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html
MDVSA-2010:120
http://www.mandriva.com/security/advisories?name=MDVSA-2010:120
RHSA-2012:0103
http://rhn.redhat.com/errata/RHSA-2012-0103.html
[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail
http://www.openwall.com/lists/oss-security/2010/05/25/3
http://www.openwall.com/lists/oss-security/2010/05/25/9
[oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail
http://www.openwall.com/lists/oss-security/2010/06/21/1
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
http://squirrelmail.org/security/issue/2010-06-21
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951
http://support.apple.com/kb/HT5130
Common Vulnerability Exposure (CVE) ID: CVE-2010-2813
BugTraq ID: 42399
http://www.securityfocus.com/bid/42399
Debian Security Information: DSA-2091 (Google Search)
http://www.debian.org/security/2010/dsa-2091
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html
RedHat Security Advisories: RHSA-2012:0103
http://secunia.com/advisories/40964
http://secunia.com/advisories/40971
http://www.vupen.com/english/advisories/2010/2070
http://www.vupen.com/english/advisories/2010/2080
XForce ISS Database: squirrelmail-imap-dos(61124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61124
Common Vulnerability Exposure (CVE) ID: CVE-2010-4554
Debian Security Information: DSA-2291 (Google Search)
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
XForce ISS Database: squirrelmail-http-clickjacking(68512)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68512
Common Vulnerability Exposure (CVE) ID: CVE-2010-4555
XForce ISS Database: squirrelmail-dropdown-xss(68510)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68510
XForce ISS Database: squirrelmail-spellchecking-xss(68511)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68511
Common Vulnerability Exposure (CVE) ID: CVE-2011-2023
http://securitytracker.com/id?1025766
Common Vulnerability Exposure (CVE) ID: CVE-2011-2752
XForce ISS Database: squirrelmail-newline-crlf-injection(68587)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68587
Common Vulnerability Exposure (CVE) ID: CVE-2011-2753
XForce ISS Database: squirrelmail-authentication-csrf(68586)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68586

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123994
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-0103)
Resumen:	The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory.
Descripción:	Summary: The remote host is missing an update for the 'squirrelmail' package(s) announced via the ELSA-2012-0103 advisory. Vulnerability Insight: [1.4.8-5.0.1.el5_7.13] - Remove Redhat splash screen images [1.4.8-5.13] - fix typo in CVE-20210-4555 patch [1.4.8-5.12] - patch for CVE-2010-2813 was not complete [1.4.8-5.11] - fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in Mail Fetch plugin - fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password - fix: CVE-2010-4554 : Prone to clickjacking attacks - fix: CVE-2010-4555 : Multiple XSS flaws [tag handling] - fix: CVE-2011-2752 : CRLF injection vulnerability - fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index Order page Affected Software/OS: 'squirrelmail' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1637 40291 http://www.securityfocus.com/bid/40291 40307 http://secunia.com/advisories/40307 http://www.securityfocus.com/bid/40307 ADV-2010-1535 http://www.vupen.com/english/advisories/2010/1535 ADV-2010-1536 http://www.vupen.com/english/advisories/2010/1536 ADV-2010-1554 http://www.vupen.com/english/advisories/2010/1554 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html FEDORA-2010-10244 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html FEDORA-2010-10259 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html FEDORA-2010-10264 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html MDVSA-2010:120 http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html [oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/05/25/3 http://www.openwall.com/lists/oss-security/2010/05/25/9 [oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/06/21/1 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://squirrelmail.org/security/issue/2010-06-21 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 http://support.apple.com/kb/HT5130 Common Vulnerability Exposure (CVE) ID: CVE-2010-2813 BugTraq ID: 42399 http://www.securityfocus.com/bid/42399 Debian Security Information: DSA-2091 (Google Search) http://www.debian.org/security/2010/dsa-2091 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html RedHat Security Advisories: RHSA-2012:0103 http://secunia.com/advisories/40964 http://secunia.com/advisories/40971 http://www.vupen.com/english/advisories/2010/2070 http://www.vupen.com/english/advisories/2010/2080 XForce ISS Database: squirrelmail-imap-dos(61124) https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 Common Vulnerability Exposure (CVE) ID: CVE-2010-4554 Debian Security Information: DSA-2291 (Google Search) http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 XForce ISS Database: squirrelmail-http-clickjacking(68512) https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 Common Vulnerability Exposure (CVE) ID: CVE-2010-4555 XForce ISS Database: squirrelmail-dropdown-xss(68510) https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 XForce ISS Database: squirrelmail-spellchecking-xss(68511) https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 Common Vulnerability Exposure (CVE) ID: CVE-2011-2023 http://securitytracker.com/id?1025766 Common Vulnerability Exposure (CVE) ID: CVE-2011-2752 XForce ISS Database: squirrelmail-newline-crlf-injection(68587) https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 Common Vulnerability Exposure (CVE) ID: CVE-2011-2753 XForce ISS Database: squirrelmail-authentication-csrf(68586) https://exchange.xforce.ibmcloud.com/vulnerabilities/68586
Copyright	Copyright (C) 2015 Greenbone AG