Gentoo Archives: gentoo-announce

From: Stefan Behte <craig@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities
Date: Wed, 13 Jan 2010 22:18:07
Message-Id: 4B4E44A3.7080905@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201001-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: SquirrelMail: Multiple vulnerabilities
9 Date: January 13, 2010
10 Bugs: #269567, #270671
11 ID: 201001-08
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities were found in SquirrelMail of which the worst
19 results in remote code execution.
20
21 Background
22 ==========
23
24 SquirrelMail is a standards-based webmail package written in PHP.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 mail-client/squirrelmail < 1.4.19 >= 1.4.19
33
34 Description
35 ===========
36
37 Multiple vulnerabilities were found in SquirrelMail:
38
39 * Niels Teusink reported multiple input sanitation flaws in certain
40 encrypted strings in e-mail headers, related to
41 contrib/decrypt_headers.php, PHP_SELF and the query string (aka
42 QUERY_STRING) (CVE-2009-1578).
43
44 * Niels Teusink also reported that the map_yp_alias() function in
45 functions/imap_general.php does not filter shell metacharacters in a
46 username and that the original patch was incomplete (CVE-2009-1381,
47 CVE-2009-1579).
48
49 * Tomas Hoger discovered an unspecified session fixation
50 vulnerability (CVE-2009-1580).
51
52 * Luc Beurton reported that functions/mime.php does not protect the
53 application's content from Cascading Style Sheets (CSS) positioning
54 in HTML e-mail messages (CVE-2009-1581).
55
56 Impact
57 ======
58
59 The vulnerabilities allow remote attackers to execute arbitrary code
60 with the privileges of the user running the web server, to hijack web
61 sessions via a crafted cookie, to spoof the user interface and to
62 conduct Cross-Site Scripting and phishing attacks, via a specially
63 crafted message.
64
65 Workaround
66 ==========
67
68 There is no known workaround at this time.
69
70 Resolution
71 ==========
72
73 All SquirrelMail users should upgrade to the latest version:
74
75 # emerge --sync
76 # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.19"
77
78 References
79 ==========
80
81 [ 1 ] CVE-2009-1381
82 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381
83 [ 2 ] CVE-2009-1578
84 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578
85 [ 3 ] CVE-2009-1579
86 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579
87 [ 4 ] CVE-2009-1580
88 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580
89 [ 5 ] CVE-2009-1581
90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581
91
92 Availability
93 ============
94
95 This GLSA and any updates to it are available for viewing at
96 the Gentoo Security Website:
97
98 http://security.gentoo.org/glsa/glsa-201001-08.xml
99
100 Concerns?
101 =========
102
103 Security is a primary focus of Gentoo Linux and ensuring the
104 confidentiality and security of our users machines is of utmost
105 importance to us. Any security concerns should be addressed to
106 security@g.o or alternatively, you may file a bug at
107 https://bugs.gentoo.org.
108
109 License
110 =======
111
112 Copyright 2010 Gentoo Foundation, Inc; referenced text
113 belongs to its owner(s).
114
115 The contents of this document are licensed under the
116 Creative Commons - Attribution / Share Alike license.
117
118 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature