Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:101 (squirrelmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56950

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:101 (squirrelmail)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to squirrelmail
announced via advisory MDKSA-2006:101.

A PHP remote file inclusion vulnerability in functions/plugin.php
in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and
magic_quotes_gpc is disabled, allows remote attackers to execute
arbitrary PHP code via a URL in the plugins array parameter.

NOTE: this issue has been disputed by third parties, who state that
Squirrelmail provides prominent warnings to the administrator when
register_globals is enabled.

Updated packages are patched to address these issues.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:101

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2842
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 18231
http://www.securityfocus.com/bid/18231
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20060601 Squirrelmail local file inclusion (Google Search)
http://www.securityfocus.com/archive/1/435605/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670
http://www.redhat.com/support/errata/RHSA-2006-0547.html
http://securitytracker.com/id?1016209
http://secunia.com/advisories/20406
http://secunia.com/advisories/20931
http://secunia.com/advisories/21159
http://secunia.com/advisories/21262
http://secunia.com/advisories/26235
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
SuSE Security Announcement: SUSE-SR:2006:017 (Google Search)
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.vupen.com/english/advisories/2006/2101
http://www.vupen.com/english/advisories/2007/2732

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56950
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:101 (squirrelmail)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to squirrelmail announced via advisory MDKSA-2006:101. A PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Updated packages are patched to address these issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:101 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2842 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BugTraq ID: 18231 http://www.securityfocus.com/bid/18231 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Bugtraq: 20060601 Squirrelmail local file inclusion (Google Search) http://www.securityfocus.com/archive/1/435605/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670 http://www.redhat.com/support/errata/RHSA-2006-0547.html http://securitytracker.com/id?1016209 http://secunia.com/advisories/20406 http://secunia.com/advisories/20931 http://secunia.com/advisories/21159 http://secunia.com/advisories/21262 http://secunia.com/advisories/26235 SGI Security Advisory: 20060703-01-P ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc SuSE Security Announcement: SUSE-SR:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sr.html http://www.vupen.com/english/advisories/2006/2101 http://www.vupen.com/english/advisories/2007/2732
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com