Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21822
HistoryMay 13, 2009 - 12:00 a.m.

[ MDVSA-2009:110 ] squirrelmail

2009-05-1300:00:00
vulners.com
30
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:110
http://www.mandriva.com/security/

Package : squirrelmail
Date : May 12, 2009
Affected: Corporate 4.0

Problem Description:

Multiple vulnerabilities has been identified and corrected in
squirrelmail:

Two issues were fixed that both allowed an attacker to run arbitrary
script (XSS) on most any SquirrelMail page by getting the user to
click on specially crafted SquirrelMail links (CVE-2009-1578).

An issue was fixed wherein input to the contrib/decrypt_headers.php
script was not sanitized and allowed arbitrary script execution upon
submission of certain values (CVE-2009-1578).

An issue was fixed that allowed arbitrary server-side code execution
when SquirrelMail was configured to use the example map_yp_alias
username mapping functionality (CVE-2009-1579).

An issue was fixed that allowed an attacker to possibly steal user
data by hijacking the SquirrelMail login session. (CVE-2009-1580).

An issue was fixed that allowed phishing and cross-site scripting
(XSS) attacks to be run by surreptitious placement of content in
specially-crafted emails sent to SquirrelMail users (CVE-2009-1581).

Additionally many of the bundled plugins has been upgraded. Basically
this is a syncronization with the latest squirrelmail package found
in Mandriva Cooker. The rpm changelog will reveal all the changes
(rpm -q --changelog squirrelmail).

The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581

Updated Packages:

Corporate 4.0:
d8e8e8560b8b5cf89bb06dbda75033ef
corporate/4.0/i586/squirrelmail-1.4.18-0.1.20060mlcs4.noarch.rpm
0ba6c8b99d8ccac0df0d3e90a7d70f47
corporate/4.0/i586/squirrelmail-ar-1.4.18-0.1.20060mlcs4.noarch.rpm
54b0bb74cba4da1dffdf0dc044de0986
corporate/4.0/i586/squirrelmail-bg-1.4.18-0.1.20060mlcs4.noarch.rpm
fe1cfa4f6317fd8e295e0265be5da46b
corporate/4.0/i586/squirrelmail-bn-1.4.18-0.1.20060mlcs4.noarch.rpm
46835353a19ca7e290ee0f538dc1cfec
corporate/4.0/i586/squirrelmail-ca-1.4.18-0.1.20060mlcs4.noarch.rpm
786fcdba5121c48523b856cf3ff2c7a2
corporate/4.0/i586/squirrelmail-cs-1.4.18-0.1.20060mlcs4.noarch.rpm
a792847e8d14f3249700e6779d2abbf1
corporate/4.0/i586/squirrelmail-cy-1.4.18-0.1.20060mlcs4.noarch.rpm
b539efa2ba48b7b20f7c5e095fd43286
corporate/4.0/i586/squirrelmail-cyrus-1.4.18-0.1.20060mlcs4.noarch.rpm
a57030df0e927b18ff0d40d745400cec
corporate/4.0/i586/squirrelmail-da-1.4.18-0.1.20060mlcs4.noarch.rpm
3d97a69708fef53af1c525c39c093b07
corporate/4.0/i586/squirrelmail-de-1.4.18-0.1.20060mlcs4.noarch.rpm
98441c32e477f087e78782a37e15ff4c
corporate/4.0/i586/squirrelmail-el-1.4.18-0.1.20060mlcs4.noarch.rpm
98b2e8b09c82a5ebc00047683bc6b20b
corporate/4.0/i586/squirrelmail-en-1.4.18-0.1.20060mlcs4.noarch.rpm
af04c8fd5c883b91959969d29c3af0cb
corporate/4.0/i586/squirrelmail-es-1.4.18-0.1.20060mlcs4.noarch.rpm
7e2d7a7bbab015d551b058352b21162c
corporate/4.0/i586/squirrelmail-et-1.4.18-0.1.20060mlcs4.noarch.rpm
e3b34eb6311c4ee45b3e39285cc547f4
corporate/4.0/i586/squirrelmail-eu-1.4.18-0.1.20060mlcs4.noarch.rpm
8f4b2e47224cd83b244745b11f7cda9f
corporate/4.0/i586/squirrelmail-fa-1.4.18-0.1.20060mlcs4.noarch.rpm
fa7b77a672e5afa5e09b771d1ead14ff
corporate/4.0/i586/squirrelmail-fi-1.4.18-0.1.20060mlcs4.noarch.rpm
cb03089c1d10100f95b51e9345cc276b
corporate/4.0/i586/squirrelmail-fo-1.4.18-0.1.20060mlcs4.noarch.rpm
bb4bbb512b376271caff2ab4677a47e9
corporate/4.0/i586/squirrelmail-fr-1.4.18-0.1.20060mlcs4.noarch.rpm
2dcc5aee1f396884ea1f74c22b12c33a
corporate/4.0/i586/squirrelmail-fy-1.4.18-0.1.20060mlcs4.noarch.rpm
b87f520a511a53315ac9e1d594b7e3b9
corporate/4.0/i586/squirrelmail-he-1.4.18-0.1.20060mlcs4.noarch.rpm
4fdce8e38907de080ed1e1b76ef1d738
corporate/4.0/i586/squirrelmail-hr-1.4.18-0.1.20060mlcs4.noarch.rpm
0033224ec4127bd3768ec8b04b8de062
corporate/4.0/i586/squirrelmail-hu-1.4.18-0.1.20060mlcs4.noarch.rpm
18abc4c3cef94dc46cf26f33c3810e01
corporate/4.0/i586/squirrelmail-id-1.4.18-0.1.20060mlcs4.noarch.rpm
53c1d4d450cfa0c73e146aadf151d98b
corporate/4.0/i586/squirrelmail-is-1.4.18-0.1.20060mlcs4.noarch.rpm
aff35aa1c9e1e1e5be59b51b24ed1dbd
corporate/4.0/i586/squirrelmail-it-1.4.18-0.1.20060mlcs4.noarch.rpm
c1b86cbcf1f7060fa760f58cd10862b6
corporate/4.0/i586/squirrelmail-ja-1.4.18-0.1.20060mlcs4.noarch.rpm
dd889c369ce6880478f594b5fbdb2bed
corporate/4.0/i586/squirrelmail-ka-1.4.18-0.1.20060mlcs4.noarch.rpm
7f7f23c4354b9b586eb53d4a6662578d
corporate/4.0/i586/squirrelmail-ko-1.4.18-0.1.20060mlcs4.noarch.rpm
7ef00ea3edaa930bbbbb3029ef0cd483
corporate/4.0/i586/squirrelmail-lt-1.4.18-0.1.20060mlcs4.noarch.rpm
2e290b9724563cdfaef6077b7e4d2404
corporate/4.0/i586/squirrelmail-ms-1.4.18-0.1.20060mlcs4.noarch.rpm
d2e83840bb4c30d4d5a8c3e2445c4866
corporate/4.0/i586/squirrelmail-nb-1.4.18-0.1.20060mlcs4.noarch.rpm
c3400f8c12162f3e625eb4333aca6269
corporate/4.0/i586/squirrelmail-nl-1.4.18-0.1.20060mlcs4.noarch.rpm
a4df4067f08adbf6f4645e7e0204a66f
corporate/4.0/i586/squirrelmail-nn-1.4.18-0.1.20060mlcs4.noarch.rpm
4af182f66a0bc66a3df4ac85a2366c71
corporate/4.0/i586/squirrelmail-pl-1.4.18-0.1.20060mlcs4.noarch.rpm
be322cd83156490966e1a9a546fec7a5
corporate/4.0/i586/squirrelmail-poutils-1.4.18-0.1.20060mlcs4.noarch.rpm
7c604c320705c107d00888de6df2531a
corporate/4.0/i586/squirrelmail-pt-1.4.18-0.1.20060mlcs4.noarch.rpm
8835fcddd28bd9bce91bae8f89214a66
corporate/4.0/i586/squirrelmail-ro-1.4.18-0.1.20060mlcs4.noarch.rpm
faa71dda2dd7dd2aebc3b64feccd9b60
corporate/4.0/i586/squirrelmail-ru-1.4.18-0.1.20060mlcs4.noarch.rpm
be7210a088ee2a9473a01cf020041291
corporate/4.0/i586/squirrelmail-sk-1.4.18-0.1.20060mlcs4.noarch.rpm
88c8e74238c41d3cee2eb5ed592ab4f3
corporate/4.0/i586/squirrelmail-sl-1.4.18-0.1.20060mlcs4.noarch.rpm
b0979772171542783998eedba64e6f65
corporate/4.0/i586/squirrelmail-sr-1.4.18-0.1.20060mlcs4.noarch.rpm
4f66d88d87725ff3af94589b42de62e2
corporate/4.0/i586/squirrelmail-sv-1.4.18-0.1.20060mlcs4.noarch.rpm
a6dd2a4308464c4a1671e97903432149
corporate/4.0/i586/squirrelmail-th-1.4.18-0.1.20060mlcs4.noarch.rpm
e183c600779db301dd94240c1006833b
corporate/4.0/i586/squirrelmail-tr-1.4.18-0.1.20060mlcs4.noarch.rpm
64c9cda07ccfde2387d77eaff2e99d13
corporate/4.0/i586/squirrelmail-ug-1.4.18-0.1.20060mlcs4.noarch.rpm
dabb27edcf029498991e9f396422e5e3
corporate/4.0/i586/squirrelmail-uk-1.4.18-0.1.20060mlcs4.noarch.rpm
88fcde6cd52d9dbe4c96f5410c9cdfd4
corporate/4.0/i586/squirrelmail-vi-1.4.18-0.1.20060mlcs4.noarch.rpm
3b990fe5c878e16b2021634fbef588aa
corporate/4.0/i586/squirrelmail-zh_CN-1.4.18-0.1.20060mlcs4.noarch.rpm
c3ff953563b24c0e8246272d3dc84545
corporate/4.0/i586/squirrelmail-zh_TW-1.4.18-0.1.20060mlcs4.noarch.rpm
2b54d7cc703b418576918d90d3d4432d corporate/4.0/SRPMS/squirrelmail-1.4.18-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
433b77767d50f8346c5a616bf6c37ea2
corporate/4.0/x86_64/squirrelmail-1.4.18-0.1.20060mlcs4.noarch.rpm
26a33e2dda348016b78eb1c32d154952
corporate/4.0/x86_64/squirrelmail-ar-1.4.18-0.1.20060mlcs4.noarch.rpm
51ca0e83e805a042b988807e8b1a55c1
corporate/4.0/x86_64/squirrelmail-bg-1.4.18-0.1.20060mlcs4.noarch.rpm
b6d5c2acd0a54be834c21123be20ccbc
corporate/4.0/x86_64/squirrelmail-bn-1.4.18-0.1.20060mlcs4.noarch.rpm
c73dc29350d2218f4a8379d5ad43dc32
corporate/4.0/x86_64/squirrelmail-ca-1.4.18-0.1.20060mlcs4.noarch.rpm
9641ed777f9d0aae1a6278e1eb125ebf
corporate/4.0/x86_64/squirrelmail-cs-1.4.18-0.1.20060mlcs4.noarch.rpm
215ad01fb29c693fec6fec4cc0ff307a
corporate/4.0/x86_64/squirrelmail-cy-1.4.18-0.1.20060mlcs4.noarch.rpm
c269ea6df090c0fc0d75ca4c7e262d54
corporate/4.0/x86_64/squirrelmail-cyrus-1.4.18-0.1.20060mlcs4.noarch.rpm
763e673dc24adcd1653211f8fb0fe6e0
corporate/4.0/x86_64/squirrelmail-da-1.4.18-0.1.20060mlcs4.noarch.rpm
b410626dcc1ad28322bc85afad65f8ac
corporate/4.0/x86_64/squirrelmail-de-1.4.18-0.1.20060mlcs4.noarch.rpm
f6a62db321be2288b9f495ae2814a438
corporate/4.0/x86_64/squirrelmail-el-1.4.18-0.1.20060mlcs4.noarch.rpm
316eb97651c2c1a49efea3983b53c439
corporate/4.0/x86_64/squirrelmail-en-1.4.18-0.1.20060mlcs4.noarch.rpm
1bc2e0fb21a7324c10b135ccd516d585
corporate/4.0/x86_64/squirrelmail-es-1.4.18-0.1.20060mlcs4.noarch.rpm
96386f72703a22f104409aa4718ef0f5
corporate/4.0/x86_64/squirrelmail-et-1.4.18-0.1.20060mlcs4.noarch.rpm
6923952a68a66762bfaa4a9619642c01
corporate/4.0/x86_64/squirrelmail-eu-1.4.18-0.1.20060mlcs4.noarch.rpm
978805a5ae2da3e0511ea54f0acb3273
corporate/4.0/x86_64/squirrelmail-fa-1.4.18-0.1.20060mlcs4.noarch.rpm
9f7925ac87f879d7f1fe5cebc33edf5d
corporate/4.0/x86_64/squirrelmail-fi-1.4.18-0.1.20060mlcs4.noarch.rpm
4d159c46967e426da5a8350780c97146
corporate/4.0/x86_64/squirrelmail-fo-1.4.18-0.1.20060mlcs4.noarch.rpm
8555c7977a29a63ef56e39a18594396c
corporate/4.0/x86_64/squirrelmail-fr-1.4.18-0.1.20060mlcs4.noarch.rpm
eb14ed59d6ca55b903c312aec98cbb04
corporate/4.0/x86_64/squirrelmail-fy-1.4.18-0.1.20060mlcs4.noarch.rpm
35426fbeca91dd6d36111ce0117ab8e6
corporate/4.0/x86_64/squirrelmail-he-1.4.18-0.1.20060mlcs4.noarch.rpm
a298bd3ce7d892066c86bddf207689f1
corporate/4.0/x86_64/squirrelmail-hr-1.4.18-0.1.20060mlcs4.noarch.rpm
657c49dc5e8e53a5610e24d4767517b0
corporate/4.0/x86_64/squirrelmail-hu-1.4.18-0.1.20060mlcs4.noarch.rpm
8ad488461ae8c982e69491aabbd15115
corporate/4.0/x86_64/squirrelmail-id-1.4.18-0.1.20060mlcs4.noarch.rpm
4a32ee4464c6fbc0c8a142da0fa506ad
corporate/4.0/x86_64/squirrelmail-is-1.4.18-0.1.20060mlcs4.noarch.rpm
3f1b8c7da67999601e9e1eaaa47f4839
corporate/4.0/x86_64/squirrelmail-it-1.4.18-0.1.20060mlcs4.noarch.rpm
650d8271a74d939af54cc930eac0a6be
corporate/4.0/x86_64/squirrelmail-ja-1.4.18-0.1.20060mlcs4.noarch.rpm
bd4bb44415013aa1e7ba189bae0740c9
corporate/4.0/x86_64/squirrelmail-ka-1.4.18-0.1.20060mlcs4.noarch.rpm
b5a43940b104900b60a916778901128c
corporate/4.0/x86_64/squirrelmail-ko-1.4.18-0.1.20060mlcs4.noarch.rpm
3ac9259e6f1ab8028e6cc3699a800534
corporate/4.0/x86_64/squirrelmail-lt-1.4.18-0.1.20060mlcs4.noarch.rpm
ae422f5869b23da06795517f46d39ca0
corporate/4.0/x86_64/squirrelmail-ms-1.4.18-0.1.20060mlcs4.noarch.rpm
a5c298865d6cea53ea04e3672f780581
corporate/4.0/x86_64/squirrelmail-nb-1.4.18-0.1.20060mlcs4.noarch.rpm
32adde69f7693c4f8e3655c676de2111
corporate/4.0/x86_64/squirrelmail-nl-1.4.18-0.1.20060mlcs4.noarch.rpm
5423fb5f6a21041058293207025185f6
corporate/4.0/x86_64/squirrelmail-nn-1.4.18-0.1.20060mlcs4.noarch.rpm
62fb5a9fa032c67067ca91a68bb2bba1
corporate/4.0/x86_64/squirrelmail-pl-1.4.18-0.1.20060mlcs4.noarch.rpm
9fcd278d4aefee3f0862a4d77ca0c83b
corporate/4.0/x86_64/squirrelmail-poutils-1.4.18-0.1.20060mlcs4.noarch.rpm
b215defbe454e8e228ca4e985ab994a0
corporate/4.0/x86_64/squirrelmail-pt-1.4.18-0.1.20060mlcs4.noarch.rpm
1a48db345473823edb70d89669cea0b7
corporate/4.0/x86_64/squirrelmail-ro-1.4.18-0.1.20060mlcs4.noarch.rpm
9e05871e2006613bf9336ed142607a1b
corporate/4.0/x86_64/squirrelmail-ru-1.4.18-0.1.20060mlcs4.noarch.rpm
c434553549f5cf0228d7e9004900b469
corporate/4.0/x86_64/squirrelmail-sk-1.4.18-0.1.20060mlcs4.noarch.rpm
8ab1c97df6777152033328c3bebdb39b
corporate/4.0/x86_64/squirrelmail-sl-1.4.18-0.1.20060mlcs4.noarch.rpm
2987e7b4a7d30e4f783c1276abe52690
corporate/4.0/x86_64/squirrelmail-sr-1.4.18-0.1.20060mlcs4.noarch.rpm
b5a050b41662ba0aca81d6cec644acdc
corporate/4.0/x86_64/squirrelmail-sv-1.4.18-0.1.20060mlcs4.noarch.rpm
525b72de2e17ccc3ea2734503d643bc6
corporate/4.0/x86_64/squirrelmail-th-1.4.18-0.1.20060mlcs4.noarch.rpm
f679385f3d809513d49bdd292e48eac6
corporate/4.0/x86_64/squirrelmail-tr-1.4.18-0.1.20060mlcs4.noarch.rpm
8137527b2d022475d03d3df47ebf466c
corporate/4.0/x86_64/squirrelmail-ug-1.4.18-0.1.20060mlcs4.noarch.rpm
0f4fb23a47835c098c1f590ebc29fb2b
corporate/4.0/x86_64/squirrelmail-uk-1.4.18-0.1.20060mlcs4.noarch.rpm
5ea1cd5f19f8672bdc7f5ca3fc1d2209
corporate/4.0/x86_64/squirrelmail-vi-1.4.18-0.1.20060mlcs4.noarch.rpm
31ac87a5c439d15d51c545bdbd73bb02
corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.18-0.1.20060mlcs4.noarch.rpm
3f6464ee203709d39ff1dc2912ead586
corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.18-0.1.20060mlcs4.noarch.rpm
2b54d7cc703b418576918d90d3d4432d corporate/4.0/SRPMS/squirrelmail-1.4.18-0.1.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKCdcEmqjQ0CJFipgRAkYWAKCjNlcOP2von8aLzdwC/UjWdH3mJACePW7i
s0bXxM7J1FKwpNPJvigZ11A=
=O+8B
-----END PGP SIGNATURE-----

Related

openvas 35
nessus 19
debian 2
fedora 6
gentoo 1
osv 2
centos 2
redhat 2
oraclelinux 2
securityvulns 1
prion 5
veracode 3
ubuntucve 5
cve 5
openvas
openvas
SquirrelMail < 1.4.18 Multiple Vulnerabilities
2009-05-14 00:00:00
Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
2009-05-20 00:00:00
Debian Security Advisory DSA 1802-1 (squirrelmail)
2009-05-25 00:00:00
nessus
nessus
Fedora 11 : squirrelmail-1.4.18-1.fc11 (2009-4875)
2009-05-13 00:00:00
Fedora 10 : squirrelmail-1.4.18-1.fc10 (2009-4880)
2009-05-13 00:00:00
openSUSE 10 Security Update : squirrelmail (squirrelmail-6242)
2009-05-14 00:00:00
debian
debian
[SECURITY] [DSA 1802-1] New squirrelmail packages fix several vulnerabilities
2009-05-19 17:17:37
[SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix
2009-05-21 18:50:30
fedora
fedora
[SECURITY] Fedora 11 Update: squirrelmail-1.4.18-1.fc11
2009-05-13 00:22:47
[SECURITY] Fedora 10 Update: squirrelmail-1.4.18-1.fc10
2009-05-13 00:24:02
[SECURITY] Fedora 9 Update: squirrelmail-1.4.18-1.fc9
2009-05-13 00:21:12
gentoo
gentoo
SquirrelMail: Multiple vulnerabilities
2010-01-13 00:00:00
osv
osv
squirrelmail - incomplete fix
2009-05-21 00:00:00
squirrelmail - several vulnerabilities
2009-05-21 00:00:00
centos
centos
squirrelmail security update
2009-05-27 06:45:50
squirrelmail security update
2009-01-19 22:38:06
redhat
redhat
(RHSA-2009:1066) Important: squirrelmail security update
2009-05-26 00:00:00
(RHSA-2009:0057) Important: squirrelmail security update
2009-01-19 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-05-26 00:00:00
squirrelmail security update
2009-01-20 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-05-13 00:00:00
prion
prion
Session fixation
2009-05-14 17:30:00
Design/Logic Flaw
2009-05-14 17:30:00
Cross site scripting
2009-05-14 17:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:39:09
Cross-site Scripting (XSS)
2020-04-10 00:39:09
Cross-site Scripting (XSS)
2020-04-10 00:39:10
ubuntucve
ubuntucve
CVE-2009-1581
2009-05-14 00:00:00
CVE-2009-1580
2009-05-14 00:00:00
CVE-2009-1579
2009-05-14 00:00:00
cve
cve
CVE-2009-1579
2009-05-14 17:30:00
CVE-2009-1580
2009-05-14 17:30:00
CVE-2009-1578
2009-05-14 17:30:00
JSON
Related for SECURITYVULNS:DOC:21822
openvas35nessus19debian2fedora6gentoo1osv2centos2redhat2oraclelinux2securityvulns1prion5veracode3ubuntucve5cve5