• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities

Solution:
The vendor has committed fixes to the SquirrelMail CVS repository. Snapshots of the current development version are available from the vendor. For more information on obtaining fixed versions, please contact the vendor.

See the referenced vendor advisories for more information.


SquirrelMail SquirrelMail 1.2.10

• RedHat squirrelmail-1.4.6-3.rh9.1.legacy.noarch.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/squirrelmail-1. 4.6-3.rh9.1.legacy.noarch.rpm

SquirrelMail SquirrelMail 1.2.6

• Debian squirrelmail_1.2.6-5_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.2.6-5_all.deb

SquirrelMail SquirrelMail 1.4

• RedHat squirrelmail-1.4.6-4.fc1.1.legacy.noarch.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/squirrelmail-1. 4.6-4.fc1.1.legacy.noarch.rpm

SquirrelMail SquirrelMail 1.4.2

• RedHat squirrelmail-1.4.6-4.fc2.1.legacy.noarch.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/squirrelmail-1. 4.6-4.fc2.1.legacy.noarch.rpm

SquirrelMail SquirrelMail 1.4.3 a

• RedHat squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/i386/squirrelmail-1. 4.6-4.fc3.1.legacy.noarch.rpm


• RedHat squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/x86_64/squirrelmail- 1.4.6-4.fc3.1.legacy.noarch.rpm

SquirrelMail SquirrelMail 1.4.4

• Debian squirrelmail_1.4.4-8_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.4.4-8_all.deb

SquirrelMail SquirrelMail 1.4.5

• Mandriva squirrelmail-1.4.5-1.2.C30mdk.noarch.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-1.4.5-1.2.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-poutils-1.4.5-1.2.C30mdk.noarch.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download