|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2091-1 (squirrelmail)|
|Summary:||Debian Security Advisory DSA 2091-1 (squirrelmail)|
The remote host is missing an update to squirrelmail
announced via advisory DSA 2091-1.
SquirrelMail, a webmail application, does not employ a user-specific token
for webforms. This allows a remote attacker to perform a Cross Site Request
Forgery (CSRF) attack. The attacker may hijack the authentication of
unspecified victims and send messages or change user preferences among other
actions, by tricking the victim into following a link controlled by the
In addition, a denial-of-service was fixed, which could be triggered when a
password containing 8-bit characters was used to log in (CVE-2010-2813).
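The following is an added example, not SquirrelMail code and not part of the advisory: a Python stand-in for a webmail "send message" form handler. The vulnerable handler honours any POST that carries the victim's session cookie, which the browser attaches automatically to a form auto-submitted from an attacker's page. The hardened handler additionally requires the per-session token that the legitimate form embeds and that a cross-origin page cannot read, and compares it in constant time. The cookie name, session store and function names are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory session store standing in for a webmail backend
# (assumption for this example): session id -> per-user state.
SESSIONS = {}
# Messages the handlers "sent", so the outcome can be inspected.
OUTBOX = []


def login(user):
    """Create a session and mint a per-session CSRF token for the user."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


def _session_from_cookie(headers):
    """Resolve the session from the cookie header (cookie name is assumed)."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SQMSESSID":
            return SESSIONS.get(value)
    return None


def send_vulnerable(headers, body):
    """Vulnerable: authenticated by the ambient session cookie only.

    Because the browser sends the cookie with any cross-site form post,
    an attacker-controlled page can submit this form as the victim.
    """
    sess = _session_from_cookie(headers)
    if sess is None:
        return 401
    form = parse_qs(body)
    OUTBOX.append((sess["user"], form["to"][0], form["body"][0]))
    return 200


def send_hardened(headers, body):
    """Hardened: the form must echo the per-session token.

    The attacker's page cannot read the token (same-origin policy), so a
    forged request is rejected before any action is taken.
    """
    sess = _session_from_cookie(headers)
    if sess is None:
        return 401
    form = parse_qs(body)
    supplied = form.get("csrf_token", [""])[0]
    if not hmac.compare_digest(supplied, sess["csrf_token"]):
        return 403
    OUTBOX.append((sess["user"], form["to"][0], form["body"][0]))
    return 200


def demo():
    """Replay one forged cross-site POST against both handlers, then a
    legitimate POST (with the token) against the hardened one.

    Returns (vulnerable status, hardened-forged status,
             hardened-legitimate status, messages actually sent).
    """
    OUTBOX.clear()
    sid = login("alice")
    victim_headers = {"Cookie": f"SQMSESSID={sid}"}
    # Constructed attacker form body: the victim's browser adds the cookie.
    forged_body = "to=attacker%40example.com&body=forwarded+secrets"
    r_vuln = send_vulnerable(victim_headers, forged_body)
    r_forged = send_hardened(victim_headers, forged_body)
    # The real SquirrelMail form would embed the token as a hidden field.
    legit_body = forged_body + "&csrf_token=" + SESSIONS[sid]["csrf_token"]
    r_legit = send_hardened(victim_headers, legit_body)
    return r_vuln, r_forged, r_legit, len(OUTBOX)


if __name__ == "__main__":
    print(demo())
```

Only the vulnerable handler and the token-bearing legitimate request result in a sent message; the forged request against the hardened handler is refused with 403 and nothing is sent. In a real deployment the token must also be kept out of GET URLs and Referer headers, since a token that leaks to a third party defeats the check.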
For the stable distribution (lenny), these problems have been fixed in
For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 1.4.21-1.
We recommend that you upgrade your squirrelmail packages.
Common Vulnerability Exposure (CVE) ID: CVE-2009-2964
Debian Security Information: DSA-2091 (Google Search)
BugTraq ID: 36196
XForce ISS Database: squirrelmail-unspecified-csrf(52406)
Common Vulnerability Exposure (CVE) ID: CVE-2010-2813
RedHat Security Advisories: RHSA-2012:0103
BugTraq ID: 42399
XForce ISS Database: squirrelmail-imap-dos(61124)
|Copyright||Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com|