Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 60676
Synopsis
The remote Scientific Linux host is missing a security update.
Description
CVE-2009-2964 squirrelmail: CSRF issues in all forms
Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964)
Solution
Update the affected squirrelmail package.