[dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| squirrelmail (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: squirrelmail
== CVE-2006-3665 ==
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
From changelog:
Security: Possible cookie theft in src/redirect.php if register_globals is enabled, and malicous site is running in same domain.
== CVE-2006-3174 ==
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
From changelog:
Tightened code in search.php for disputed security report. We don't believe this is exploitable, but the code is tightened anyway.
== Affects ==
Dapper only; fixed in version 1.4.7.
Related branches
| Changed in squirrelmail: | |
| assignee: | nobody → andreas-wenning |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Andreas Wenning (andreas-wenning) wrote | #1 |
| Changed in squirrelmail: | |
| assignee: | andreas-wenning → nobody |
| Marc Deslauriers (mdeslaur) wrote | #2 |
| Changed in squirrelmail: | |
| status: | In Progress → Fix Committed |
| Marc Deslauriers (mdeslaur) wrote | #3 |
| Changed in squirrelmail (Ubuntu): | |
| status: | Fix Committed → Fix Released |
Debdiff to fix both problems for dapper; build and tested on dapper locally.