SecurityTracker.com
Category:   Application (E-mail Server)  >   SquirrelMail
Vendors:   SquirrelMail Development Team
SquirrelMail Input Validation Flaw in webmail.php May Let Remote Users Execute Arbitrary Commands or Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1012988
SecurityTracker URL:  http://securitytracker.com/id/1012988
CVE Reference:   CVE-2005-0075, CVE-2005-0103, CVE-2005-0104, CVE-2005-0152
Updated:  Feb 3 2005
Original Entry Date:  Jan 25 2005
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.4.4
Description:   Several input validation vulnerabilities were reported in SquirrelMail. A remote user may be able to execute arbitrary commands on the target system. A remote user may also be able to conduct cross-site scripting attacks.

The vendor reported that undefined variables in 'src/webmail.php' allow a remote user to supply specially crafted parameters to potentially cause an unauthorized file to be included and executed on the target system [CVE: CVE-2005-0103].

A remote user can also create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser [CVE: CVE-2005-0104], also due to an error in 'src/webmail.php'. The code will originate from the site running the SquirrelMail software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A missing variable initialization in 'functions/prefs.php' may allow a remote user to cause unauthorized files to be included and executed on the target system if register_globals is set to On [CVE: CVE-2005-0075]. Jimmy Conner is credited with discovering this flaw.

An initialization error in 'src/webmail.php' allows a remote user to manipulate a URL so that, under certain circumstances where register_globals and allow_url_fopen are both set to 'on', the target server executes arbitrary code with the privileges of the web server [CVE: CVE-2005-0152]. Grant Hollingworth is credited with discovering this flaw.

Impact:   A remote user may be able to execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the SquirrelMail software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a fixed version (1.4.4), available at:

http://www.squirrelmail.org/download.php
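
To triage a host against the conditions in the description above, the following added example (not from SecurityTracker or the SquirrelMail project) reads a php.ini and an installed version string and lists which of the four CVEs still apply. The function names, the sample php.ini, and the use of PHP's built-in defaults for absent directives (register_globals Off, allow_url_fopen On) are assumptions of this example.

```python
import re

FIXED_VERSION = (1, 4, 4)  # first fixed release named in the advisory

# php.ini directives the advisory names as preconditions for each CVE.
# An empty tuple means the advisory states no configuration precondition.
PRECONDITIONS = {
    "CVE-2005-0075": ("register_globals",),
    "CVE-2005-0103": (),
    "CVE-2005-0104": (),
    "CVE-2005-0152": ("register_globals", "allow_url_fopen"),
}

# Assumption: directives absent from php.ini take PHP's built-in defaults.
PHP_DEFAULTS = {"register_globals": False, "allow_url_fopen": True}

# Constructed sample php.ini, not taken from a real host.
SAMPLE_INI = """\
[PHP]
; legacy application support
register_globals = On   ; enabled years ago
allow_url_fopen = "Off"
error_reporting = E_ALL & ~E_NOTICE
"""

def parse_php_ini(text):
    """Map each simple 'name = value' line to True when the value means 'on'."""
    flags = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r'^([A-Za-z0-9_.]+)\s*=\s*"?([^"\s]*)"?$', line)
        if m:  # a later assignment overrides an earlier one
            flags[m.group(1).lower()] = m.group(2).lower() in ("1", "on", "true", "yes")
    return flags

def parse_version(version):
    """'1.4.3a' -> (1, 4, 3); letter suffixes are ignored, missing parts are 0."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def exposure(version, ini_text):
    """List the advisory's CVEs whose stated conditions hold for this install."""
    if parse_version(version) >= FIXED_VERSION:
        return []
    flags = {**PHP_DEFAULTS, **parse_php_ini(ini_text)}
    return sorted(cve for cve, needs in PRECONDITIONS.items()
                  if all(flags.get(d, False) for d in needs))

if __name__ == "__main__":
    print(exposure("1.4.3a", SAMPLE_INI))
```

Turning register_globals off narrows the list but does not clear it; only a version of 1.4.4 or later returns an empty result.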

Vendor URL:  www.squirrelmail.org/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 11 2005 (Red Hat Issues Fix) SquirrelMail Input Validation Flaw in webmail.php May Let Remote Users Execute Arbitrary Commands or Conduct Cross-Site Scripting Attacks
Red Hat has released a fix.
Feb 15 2005 (Red Hat Issues Fix) SquirrelMail Input Validation Flaw in webmail.php May Let Remote Users Execute Arbitrary Commands or Conduct Cross-Site Scripting Attacks
Red Hat has released a fix.


