This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.
SquirrelMail is a webmail package written in PHP.
A cross-site scripting bug has been found in SquirrelMail. This issue
could allow an attacker to send a mail with a carefully crafted
header that causes the victim's machine to execute a malicious
script. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2004-1036 to this issue.
Additionally, the following issues have been addressed :
- updated splash screens
- HIGASHIYAMA Masato's patch to improve Japanese support
- real 1.4.3a tarball
- config_local.php and default_pref in /etc/squirrelmail/ to match
  upstream RPM.
Please note that it is possible that upgrading to this package may
remove your SquirrelMail configuration files due to a bug in the RPM
package. Upgrading will prevent this from happening in the future.
Users of SquirrelMail are advised to upgrade to this updated package,
which contains a patched version of SquirrelMail version 1.4.3a and is
not vulnerable to these issues.
Update the affected squirrelmail package.
Risk factor :
Medium / CVSS Base Score : 6.8
Family: Red Hat Local Security Checks
Nessus Plugin ID: 16053
CVE ID: CVE-2004-1036