This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Oracle Linux host is missing a security update.
From Red Hat Security Advisory 2007:0022 :
A new squirrelmail package that fixes security issues is now available
for Red Hat Enterprise Linux 3 and 4.
SquirrelMail is a standards-based webmail package written in PHP.
Several cross-site scripting bugs were discovered in SquirrelMail. An
SquirrelMail pages by tricking a user into visiting a carefully
crafted URL. (CVE-2006-6142)
Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.
Notes: - After installing this update, users are advised to restart
their httpd service to ensure that the updated version functions
correctly. - config.php should NOT be modified, please modify
config_local.php instead. - Known Bug: The configuration generator may
potentially produce bad options that interfere with the operation of
this application. Applying specific config changes to config_local.php
manually is recommended.
See also :
Update the affected squirrelmail package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Family: Oracle Linux Local Security Checks
Nessus Plugin ID: 67442 ()
Bugtraq ID: 21414
CVE ID: CVE-2006-6142
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.