RHEL 3 / 4 : squirrelmail (RHSA-2007:0022)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

A new squirrelmail package that fixes security issues is now available
for Red Hat Enterprise Linux 3 and 4.

SquirrelMail is a standards-based webmail package written in PHP.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary JavaScript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully
crafted URL. (CVE-2006-6142)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

Notes: - After installing this update, users are advised to restart
their httpd service to ensure that the updated version functions
correctly. - config.php should NOT be modified, please modify
config_local.php instead. - Known Bug: The configuration generator may
potentially produce bad options that interfere with the operation of
this application. Applying specific config changes to config_local.php
manually is recommended.

See also :


Solution :

Update the affected squirrelmail package.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 24317 ()

Bugtraq ID: 21414

CVE ID: CVE-2006-6142