• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SquirrelMail Folder Name Cross-Site Scripting Vulnerability

Solution:
SquirrelMail 1.4.3 has been released to address this issue.

Gentoo has released an advisory (GLSA 200405-16) to address this issue. Please see the referenced advisory for more information. Gentoo users can carry out the following commands to upgrade their computers:
emerge sync
emerge -pv ">=net-mail/squirrelmail-1.4.3_rc1"
emerge ">=net-mail/squirrelmail-1.4.3_rc1"

Gentoo has released an advisory (GLSA 200405-16:02) to address errors in the previous Gentoo advisory. Please see the referenced advisory for more information.

RedHat has released an advisory (FEDORA-2004-160) to address this and other issues in Fedora Core 2. Please see the referenced advisory for more information.

RedHat has released an advisory (RHSA-2004:240-06) to address this and other issues in Red Hat Enterprise Linux. Please see the advisory in web references for more information.

SGI has released a security advisory (20040604-01-U) to address this and other issues in SGI ProPack 3. Please see the referenced advisory for more information.

Debian has released security advisory DSA 535-1 with fixes to address this issue.

Conectiva has released a security advisory (CLA-2004:858) to address multiple issues in SquirrelMail. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA:1733 along with fixes to address multiple issues in SquirrelMail for RedHat Linux 9. Please see the referenced advisory for further information.

SUSE has released a security summary report (SUSE-SR:2005:019) addressing this and other issues. Please see the referenced advisory for further information.


SquirrelMail SquirrelMail 1.0.4

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.0.5

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2 .0

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.1

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.10

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.11

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.2

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.3

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.4

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.5

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.6

• Conectiva squirrelmail-1.4.3a-13677U90_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-1.4.3a-13677U9 0_1cl.noarch.rpm


• Conectiva squirrelmail-doc-1.4.3a-13677U90_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-doc-1.4.3a-136 77U90_1cl.noarch.rpm


• Debian squirrelmail_1.2.6-1.4_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.2.6-1.4_all.deb


• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.7

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.8

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.2.9

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.4

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.4.1

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SquirrelMail SquirrelMail 1.4.2

• SquirrelMail SquirrelMail 1.4.3-RC1
  http://sourceforge.net/project/showfiles.php?group_id=311&package_id=3 34&release_id=237332

SGI ProPack 3.0

• SGI patch10083.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch100 83.tar.gz