| VID |
21854 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The SquirrelMail program is vulnerable to a cookie-theft vulnerability in the 'src/redirect.php' script. SquirrelMail is a Web mail system written in PHP4. SquirrelMail version 1.4.6 and earlier versions are vulnerable to a cookie-theft vulnerability, caused by improper validation of the 'base_uri' parameter in the 'functions/strings.php' script before using it to set the path for its cookies. If PHP's 'register_globals' setting is enabled, and a malicious site is running in same domain, an attacker could exploit this flaw to steal cookies associated with the affected application.
* References:
http://www.squirrelmail.org/changelog.php
* Platforms Affected:
SquirrelMail Project Team, SquirrelMail version 1.4.6 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version (1.4.7-CVS or later) of SquirrelMail, available from the SquirrelMail Download Web page at http://www.squirrelmail.org/download.php
As a workaround, disable PHP's 'register_globals' setting. |
| Related URL |
(CVE) |
| Related URL |
17005 (SecurityFocus) |
| Related URL |
(ISS) |
|
