DSA-662-2
- Source
- https://security-tracker.debian.org/tracker/DSA-662-2
- Import Source
- https://storage.googleapis.com/debian-osv/dsa-osv/DSA-662-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/DSA-662-2
- Withdrawn
- 2024-05-15T05:36:14.063686Z
- Published
- 2005-03-14T00:00:00Z
- Modified
- 2022-07-04T02:01:11.193292Z
- Summary
- squirrelmail - several
- Details
-
Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout. For completeness below is the original advisory text:
Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2005-0104 Upstream developers noticed that an unsanitised variable could lead to cross site scripting.
CAN-2005-0152 Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail.
For the stable distribution (woody) these problems have been fixed in version 1.2.6-3.
For the unstable distribution (sid) the problem that affects unstable has been fixed in version 1.4.4-1.
We recommend that you upgrade your squirrelmail package.
- References
-