Short Name | HTTP:PHP:SQUIRRELMAIL-AUTH
Severity | Warning
Recommended | No
Category | HTTP
Keywords | SquirrelMail Authentication Bypass
Release Date | 2005/08/15
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: SquirrelMail Authentication Bypass
This signature detects attempts to bypass the authentication mechanism of SquirrelMail. SquirrelMail versions 1.4.4 and earlier do not properly sanitize the $_POST variable, which can allow remote attackers to read or modify other users' preferences.
Extended Description
SquirrelMail is affected by an insecure variable handling vulnerability.
It was reported that an attacker can exploit this vulnerability to disclose and manipulate users' preferences, write arbitrary files in the context of 'www-data', carry out cross-site scripting and various other attacks.
Due to a lack of information, further details cannot be described at the moment. This BID will be updated when more information becomes available.
Affected Products
- Apple mac_os_x_server 10.3.9
- Apple mac_os_x_server 10.4.2
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core1
- Red_hat fedora Core2
- Red_hat fedora Core3
- Red_hat fedora Core4
- Red_hat linux 9.0.0 I386
- Squirrelmail squirrelmail 1.2.6
- Squirrelmail squirrelmail 1.4.0
- Squirrelmail squirrelmail 1.4.0 RC1
- Squirrelmail squirrelmail 1.4.1
- Squirrelmail squirrelmail 1.4.2
- Squirrelmail squirrelmail 1.4.3
- Squirrelmail squirrelmail 1.4.3 A
- Squirrelmail squirrelmail 1.4.3 R3
- Squirrelmail squirrelmail 1.4.3 RC1
- Squirrelmail squirrelmail 1.4.4
- Squirrelmail squirrelmail 1.4.4 RC1
- Squirrelmail squirrelmail 1.4.8
- Suse linux_desktop 1.0.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 8.2.0
- Suse linux_professional 9.0.0
- Suse linux_professional 9.0.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse open-enterprise-server 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Suse suse_linux_openexchange_server 4.0.0
- Suse suse_linux_retail_solution 8.0.0
- Suse suse_linux_school_server_for_i386
- Suse suse_linux_standard_server 8.0.0