|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> SquirrelMail session_expired_post Arbitrary Variables Overwriting Vulnerability Vulnerability Assessment Details
|
SquirrelMail session_expired_post Arbitrary Variables Overwriting Vulnerability |
||
Tries to overwrite a variable SquirrelMail Detailed Explanation for this Vulnerability Assessment Summary : The remote webmail application suffers from a data modification vulnerability. Description : The installed version of SquirrelMail permits for restoring expired sessions in an unsafe manner. Using a specially-crafted expired session, a user can leverage this issue to take control of arbitrary variables used by the affected application, which can lead to other attacks against the system, such as reading or writing of arbitrary files on the system. See also : http://www.gulftech.org/?node=research&article_id=00108-08112006 http://www.squirrelmail.org/security/issue/2006-08-11 http://archives.neohapsis.com/archives/bugtraq/2006-08/0241.html Solution : Apply the patch referenced in the vendor advisory above or upgrade to SquirrelMail version 1.4.8 or later. Network Security Threat Level: Medium / CVSS Base Score : 4.7 (AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N) Networks Security ID: 19486 Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G
$13.99
HyperX FURY DDR3 8GB 16GB 32GB 1600 MHz PC3-12800 Desktop RAM Memory DIMM 240pin
$12.90
Samsung 16GB 2Rx4 PC4-2400 RDIMM DDR4-19200 ECC REG Registered Server Memory RAM
$20.99
SK HYNIX 8GB 1RX8 PC4-2666V DESKTOP MEMORY RAM TESTED UDIMM T12-E2
$8.99
Kingston HyperX FURY DDR3 8GB 16GB 32G 1600 1866 1333 Desktop Memory RAM DIMM
$13.25
Team T-FORCE VULCAN Z 16GB (2 x 8GB) 288-Pin PC RAM DDR4 3200 (PC4 25600) XMP
$35.99
8GB PC3L-12800S 1600MHz SODIMM DDR3 RAM | Grade A
$12.00
Corsair 32GB (4X8GB) DDR3 PC3-14900 1866 NON ECC LOW DENSITY CMT32GX3M4X1866C9
$32.00
A-Tech 256GB 4x 64GB 4Rx4 PC4-19200 ECC Load Reduced LRDIMM Server Memory RAM
$287.96
Samsung M393A8G40AB2-CWE 64GB 2Rx4 PC4-25600 ECC Registered Server Memory RAM
$149.99
|
||
No Discussions have been posted on this vulnerability. |