
#1 2004-06-05 07:09:30

kpiche
Forum Fellow
From: Ottawa, ON, Canada
Registered: 2004-03-30
Posts: 246

SquirrelMail "Content-Type" XSS vulnerability

An advisory went out on May 30th and can be found here: http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt

I discovered a new XSS vuln in SquirrelMail which is quite dangerous since it could be exploited simply by sending a specially crafted mail to the victim. The victim only has to read the email in order to trigger the exploit. This bug is present in the latest versions (as well as older ones).

Upgrade to 1.4.3 or the latest 1.5.1 CVS from after May 24th.


#2 2004-06-07 13:14:27

farphel
Forum Fellow
From: New Hampshire - USA
Registered: 2003-09-18
Posts: 250

Re: SquirrelMail "Content-Type" XSS vulnerability

I've just put a 1.5.1cvs in the 'testing' repo. Make sure to back up your existing squirrelmail dirs/files before trying it out. If I don't hear of any problems within a week, I'll pull it out of testing and move it to extra.

Cheers,
farphel


