Debian Local Security Checks : Debian Security Advisory DSA 2091-1 (squirrelmail)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.67845
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2091-1 (squirrelmail)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to squirrelmail announced via advisory DSA 2091-1. SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controled by the offender. In addition, a denial-of-service was fixed, which could be triggered when a passwords containing 8-bit characters was used to log in (CVE-2010-2813). For the stable distribution (lenny), these problems have been fixed in version 1.4.15-4+lenny3.1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.4.21-1. We recommend that you upgrade your squirrelmail packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202091-1 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2964 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 36196 http://www.securityfocus.com/bid/36196 Debian Security Information: DSA-2091 (Google Search) http://www.debian.org/security/2010/dsa-2091 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html http://jvn.jp/en/jp/JVN30881447/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:222 http://www.osvdb.org/57001 http://osvdb.org/60469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668 http://secunia.com/advisories/34627 http://secunia.com/advisories/36363 http://secunia.com/advisories/37415 http://secunia.com/advisories/40220 http://secunia.com/advisories/40964 http://www.vupen.com/english/advisories/2009/2262 http://www.vupen.com/english/advisories/2009/3315 http://www.vupen.com/english/advisories/2010/1481 http://www.vupen.com/english/advisories/2010/2080 XForce ISS Database: squirrelmail-unspecified-csrf(52406) https://exchange.xforce.ibmcloud.com/vulnerabilities/52406 Common Vulnerability Exposure (CVE) ID: CVE-2010-2813 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 42399 http://www.securityfocus.com/bid/42399 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html RedHat Security Advisories: RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html http://secunia.com/advisories/40971 http://www.vupen.com/english/advisories/2010/2070 XForce ISS Database: squirrelmail-imap-dos(61124) https://exchange.xforce.ibmcloud.com/vulnerabilities/61124
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com