SquirrelMail < 1.4.4 Multiple Vulnerabilities

medium Nessus Plugin ID 16228

Synopsis

The remote host has a PHP script that is affected by multiple vulnerabilities.

Description

The target is running at least one instance of SquirrelMail whose version number suggests it is affected by one or more cross-site scripting vulnerabilities:

- Insufficient escaping of integer variables in webmail.php allows a remote attacker to inject HTML / script into a SquirrelMail web page (affects 1.4.0-RC1 - 1.4.4-RC1).

- Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1).

- A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1).

Note: Nessus has determined the vulnerability exists on the target simply by looking at the version number of SquirrelMail installed there.

Solution

Upgrade to SquirrelMail 1.4.4 or later.

Plugin Details

Severity: Medium

ID: 16228

File Name: squirrelmail_144.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 1/24/2005

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:squirrelmail:squirrelmail

Required KB Items: www/squirrelmail

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/14/2005

Reference Information

CVE: CVE-2005-0075, CVE-2005-0103, CVE-2005-0104

BID: 12337

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990