VID 21961
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The SquirrelMail package is vulnerable to arbitrary variable overwriting via the compose.php script. SquirrelMail is a Web mail system written in PHP4. SquirrelMail versions 1.4.0 through 1.4.7 are affected; the flaw is caused by unsafe handling of expired sessions passed in the GET request for the '/src/compose.php' script. A remote attacker could exploit this vulnerability to obtain sensitive information or to read and write other users' preferences or email attachments.

* Note: This check requires an account that can log in to the remote web mail server being scanned. If this condition is not met, the check will not be performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://www.squirrelmail.org/security/issue/2006-08-11
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
http://www.gulftech.org/?node=research&article_id=00108-08112006
http://secunia.com/advisories/21354
http://www.frsirt.com/english/advisories/2006/3271

* Platforms Affected:
SquirrelMail Project Team, SquirrelMail versions 1.4.0 through 1.4.7
Any operating system Any version
Recommendation Upgrade to the latest version of SquirrelMail (1.4.8 or later), available from the SquirrelMail Download Web page at http://www.squirrelmail.org/download.php
Related URL CVE-2006-4019 (CVE)
Related URL 19486 (SecurityFocus)
Related URL 28365 (ISS)