ID de Prueba:	1.3.6.1.4.1.25623.1.0.14228
Categoría:	CGI abuses
Título:	SquirrelMail XSS and Local escalation
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running SquirrelMail, a web-based mail server. There are several flaws in all versions less than 1.4.3 and development versions 1.5.0 and 1.5.1 which allow for local root access and remote Cross-Site-Scripting (XSS) attacks. ***** Nessus has determined the vulnerability exists on the target ***** simply by looking at the version number of Squirrelmail ***** installed there. Solution : Upgrade to SquirrelMail 1.4.3 or greater. Risk factor : Medium
Referencia Cruzada:	BugTraq ID: 10246 BugTraq ID: 10397 BugTraq ID: 10439 Common Vulnerability Exposure (CVE) ID: CVE-2004-0519 http://www.securityfocus.com/bid/10246 Bugtraq: 20040429 SquirrelMail Cross Scripting Attacks.... (Google Search) http://marc.info/?l=bugtraq&m=108334862800260 Bugtraq: 20040430 Re: SquirrelMail Cross Scripting Attacks.... (Google Search) http://www.securityfocus.com/archive/1/361857 Conectiva Linux advisory: CLA-2004:858 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 Debian Security Information: DSA-535 (Google Search) http://www.debian.org/security/2004/dsa-535 http://www.securityfocus.com/advisories/6827 https://bugzilla.fedora.us/show_bug.cgi?id=1733 http://security.gentoo.org/glsa/glsa-200405-16.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274 RedHat Security Advisories: RHSA-2004:240 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11531 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc SuSE Security Announcement: SUSE-SR:2005:019 (Google Search) http://www.novell.com/linux/security/advisories/2005_19_sr.html XForce ISS Database: squirrel-composephp-xss(16025) https://exchange.xforce.ibmcloud.com/vulnerabilities/16025 Common Vulnerability Exposure (CVE) ID: CVE-2004-0520 http://www.securityfocus.com/bid/10439 Bugtraq: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108611554415078&w=2 http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt http://marc.info/?l=squirrelmail-cvs&m=108532891231712 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766 Common Vulnerability Exposure (CVE) ID: CVE-2004-0521 http://www.securityfocus.com/advisories/7148 http://www.securityfocus.com/bid/10397 Computer Incident Advisory Center Bulletin: O-212 http://www.ciac.org/ciac/bulletins/o-212.shtml http://marc.info/?l=squirrelmail-cvs&m=108309375029888 http://www.osvdb.org/6841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446 http://secunia.com/advisories/11685 XForce ISS Database: squirrelmail-sql-injection(16235) https://exchange.xforce.ibmcloud.com/vulnerabilities/16235
Copyright	This script is Copyright (C) 2004 George A. Theall and Tenable Network Security

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.