| VID |
21502 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The SquirrelMail package is vulnerable to a remote command execution vulnerability in the viewcert.php script. SquirrelMail is a standards-based webmail package written in PHP4. SquirrelMail S/MIME plugin versions prior to 0.6 could allow a remote attacker to execute arbitrary commands on the system, caused by improper filtering of user-supplied input in the 'cert' parameter used by the 'plugins/smime/viewcert.php' script. A remote authenticated attacker could exploit this flaw to execute arbitrary system commands in the context of the web server.
* Note: This check requires an account which can log into the remote webmail server to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.kb.cert.org/vuls/id/502328
http://www.idefense.com/application/poi/display?id=191&type=vulnerabilities&flashstatus=true
http://www.osvdb.org/displayvuln.php?osvdb_id=13639
* Platforms Affected:
SquirrelMail Project Team, SquirrelMail S/MIME plugin versions prior to 0.6
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of SquirrelMail S/MIME plugin (0.6 or later), available from the SquirrelMail Web site at http://www.squirrelmail.org/plugin_view.php?id=54 |
| Related URL |
CVE-2005-0239 (CVE) |
| Related URL |
12467 (SecurityFocus) |
| Related URL |
19242 (ISS) |
|
