DSA-1802 squirrelmail -- several vulnerabilitiesID: oval:org.mitre.oval:def:8413 | Date: (C)2009-12-15 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. Code injection was possible when SquirrelMail was configured to use the map_yp_alias function to authenticate users. This is not the default. It was possible to hijack an active user session by planting a specially crafted cookie into the user's browser. Specially crafted HTML emails could use the CSS positioning feature to place email content over the SquirrelMail user interface, allowing for phishing.
Platform: |
Debian 5.0 |
Debian 4.0 |