This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated squirrelmail package that fixes a security issue is now
available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
required) for maximum browser-compatibility, strong MIME support,
address books, and folder manipulation.
The Red Hat SquirrelMail packages provided by the RHSA-2009:0010
advisory introduced a session handling flaw. Users who logged back
into SquirrelMail without restarting their web browsers were assigned
fixed session identifiers. A remote attacker could make use of that
flaw to hijack user sessions. (CVE-2009-0030)
SquirrelMail users should upgrade to this updated package, which
contains a patch to correct this issue. As well, all users who used
affected versions of SquirrelMail should review their preferences.
See also :
Update the affected squirrelmail package.
Risk factor :
Medium / CVSS Base Score : 6.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 35429 ()
CVE ID: CVE-2009-0030CVE-2009-1580
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.