Debian Security Advisory
DSA-988-1 squirrelmail -- several vulnerabilities
- Date Reported:
- 08 Mar 2006
- Affected Packages:
- squirrelmail
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 354062, Bug 354063, Bug 354064, Bug 355424.
In Mitre's CVE dictionary: CVE-2006-0377, CVE-2006-0195, CVE-2006-0188. - More information:
-
Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2006-0188
Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.
- CVE-2006-0195
Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes inside the "url" keyword, which is processed by some web browsers including Internet Explorer.
- CVE-2006-0377
Vicente Aguilera of Internet Security Auditors, S.L. discovered a CRLF injection vulnerability, which allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." There's no known way to exploit this yet.
For the old stable distribution (woody) these problems have been fixed in version 1.2.6-5.
For the stable distribution (sarge) these problems have been fixed in version 2:1.4.4-8.
For the unstable distribution (sid) these problems have been fixed in version 2:1.4.6-1.
We recommend that you upgrade your squirrelmail package.
- CVE-2006-0188
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.dsc
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5_all.deb
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
MD5 checksums of the listed files are available in the original advisory.