drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in squirrelmail
Name: |
Cross-Site Scripting in squirrelmail
|
|
ID: |
200212-4 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 16. Dezember 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Squirrelmail |
|
Originalnachricht |
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4 --------------------------------------------------------------------
PACKAGE : squirrelmail SUMMARY : cross site scripting DATE : 2002-12-15 14:12 UTC EXPLOIT : remote
--------------------------------------------------------------------
euronymous <just-a-user@yandex.ru> found that read_body.php didn't filter out user input for 'filter_dir' and 'mailbox', making a xss attack possible.
Read the full advisory at http://f0kp.iplus.ru/bz/008.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/squirrelmail-1.2.9 and earlier update their systems as follows:
emerge rsync emerge squirrelmail emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz --------------------------------------------------------------------
-- gentoo-security@gentoo.org mailing list
|
|
|
|