CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS
Percentile: 85.5%

CentOS Errata and Security Advisory CESA-2007:0358

SquirrelMail is a standards-based webmail package written in PHP4.

Several HTML filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
(CVE-2007-1262)

SquirrelMail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. An attacker could exploit this to send arbitrary e-mail
messages on behalf of a SquirrelMail user who was tricked into opening
a maliciously crafted HTML e-mail message. (CVE-2007-2589)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075937.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075938.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075939.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075950.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075951.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075956.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075959.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075970.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075971.html
Affected packages:
squirrelmail
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0358

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | noarch | squirrelmail | < 1.4.8-6.el3.centos.1 | squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm |
CentOS | 4 | noarch | squirrelmail | < 1.4.8-4.0.1.el4.centos | squirrelmail-1.4.8-4.0.1.el4.centos.noarch.rpm |
CentOS | 5 | noarch | squirrelmail | < 1.4.8-4.0.1..el5.centos.1 | squirrelmail-1.4.8-4.0.1..el5.centos.1.noarch.rpm |