[dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
squirrelmail (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: squirrelmail
== CVE-2006-3665 ==
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
From changelog:
Security: Possible cookie theft in src/redirect.php if register_globals is enabled, and malicous site is running in same domain.
== CVE-2006-3174 ==
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
From changelog:
Tightened code in search.php for disputed security report. We don't believe this is exploitable, but the code is tightened anyway.
== Affects ==
Dapper only; fixed in version 1.4.7.
Related branches
Changed in squirrelmail: | |
assignee: | nobody → andreas-wenning |
importance: | Undecided → Medium |
status: | New → In Progress |
Debdiff to fix both problems for dapper; build and tested on dapper locally.