Fedora Core 2 : squirrelmail-1.4.3-1 (2004-160)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

A SQL injection flaw was found in SquirrelMail version 1.4.2 and
earlier. If SquirrelMail is configured to store user addressbooks in
the database, a remote attacker could use this flaw to execute
arbitrary SQL statements. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version
1.4.2 and earlier could allow remote attackers to execute scripts as
other web users. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2004-0519 and CVE-2004-0520
to these issues.

This update includes the SquirrelMail version 1.4.3a which is not
vulnerable to these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?382efdba

Solution :

Update the affected squirrelmail package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 13716 (fedora_2004-160.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0519
CVE-2004-0520
CVE-2004-0521

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now