This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200708-08
(SquirrelMail G/PGP plugin: Arbitrary code execution)
The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key()
used in the SquirrelMail G/PGP encryption plugin do not properly escape
An authenticated user could use the plugin to execute arbitrary code on
the server, or a remote attacker could send a specially crafted e-mail
to a SquirrelMail user, possibly leading to the execution of arbitrary
code with the privileges of the user running the underlying web server.
Note that the G/PGP plugin is disabled by default.
Enter the SquirrelMail configuration directory
(/usr/share/webapps/squirrelmail/version/htdocs/config), then execute
the conf.pl script. Select the plugins menu, then select the gpg plugin
item number in the 'Installed Plugins' list to disable it. Press S to
save your changes, then Q to quit.
All SquirrelMail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-client/squirrelmail-1.4.10a-r2'
Risk factor: High / CVSS Base Score: 9.3
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25873 (gentoo_GLSA-200708-08.nasl)
CVE ID: CVE-2005-1924, CVE-2006-4169