CVE-2004-0520
CVSS 6.8
Published: 2004-08-18 00:00:00
Revised: 2016-10-17 22:45:52

[Original] Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.


[CNNVD] SquirrelMail Email Header HTML Injection Vulnerability (CNNVD-200408-142)

SquirrelMail is a popular web-based mail application.
SquirrelMail does not sufficiently filter user-supplied email header strings; a remote attacker can exploit this to obtain sensitive user information.
Because header fields are not filtered, once the IMAP server has parsed a message carrying a malicious script, that script can execute in the target user's browser and disclose authentication-related data such as the session cookie.
        

- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:squirrelmail:squirrelmail:1.2.9
cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1
cpe:/a:squirrelmail:squirrelmail:1.2.5
cpe:/a:squirrelmail:squirrelmail:1.2.6
cpe:/a:squirrelmail:squirrelmail:1.2.7
cpe:/a:squirrelmail:squirrelmail:1.2.8
cpe:/a:squirrelmail:squirrelmail:1.2.10
cpe:/a:squirrelmail:squirrelmail:1.2.11
cpe:/a:squirrelmail:squirrelmail:1.4
cpe:/a:squirrelmail:squirrelmail:1.2.1
cpe:/a:squirrelmail:squirrelmail:1.2.2
cpe:/a:sgi:propack:3.0 (SGI ProPack 3.0)
cpe:/a:squirrelmail:squirrelmail:1.2.3
cpe:/a:squirrelmail:squirrelmail:1.4.1
cpe:/a:squirrelmail:squirrelmail:1.5_dev
cpe:/a:squirrelmail:squirrelmail:1.2.4
cpe:/a:squirrelmail:squirrelmail:1.4.2
cpe:/a:open_webmail:open_webmail:2.30
cpe:/a:open_webmail:open_webmail:2.31
cpe:/a:open_webmail:open_webmail:2.32
cpe:/a:squirrelmail:squirrelmail:1.2.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10766  Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and scri...
oval:org.mitre.oval:def:1012  SquirrelMail Cross-site Scripting Vulnerability II
*The OVAL definitions describe how to detect this vulnerability in detail; see the referenced OVAL definitions for further technical detail.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0520
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-142
(official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
(PATCH)  SGI  20040604-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
(UNKNOWN)  CONECTIVA  CLA-2004:858
http://marc.info/?l=bugtraq&m=108611554415078&w=2
(UNKNOWN)  BUGTRAQ  20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
http://marc.info/?l=squirrelmail-cvs&m=108532891231712
(UNKNOWN)  MLIST  [squirrelmail-cvs] 20040523 [SM-CVS] CVS: squirrelmail/functions mime.php,1.265.2.27,1.265.2.28
http://rhn.redhat.com/errata/RHSA-2004-240.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:240
http://www.debian.org/security/2004/dsa-535
(VENDOR_ADVISORY)  DEBIAN  DSA-535
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200406-08
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
(VENDOR_ADVISORY)  MISC  http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://www.securityfocus.com/advisories/6827
(VENDOR_ADVISORY)  FEDORA  FEDORA-2004-160
http://www.securityfocus.com/bid/10439
(PATCH)  BID  10439
https://bugzilla.fedora.us/show_bug.cgi?id=1733
(PATCH)  FEDORA  FEDORA-2004-1733

- Vulnerability information

SquirrelMail Email Header HTML Injection Vulnerability
Medium severity; Input validation
2004-08-18 00:00:00  2007-01-02 00:00:00
Remote
        
        

- Advisories and patches

Vendor patches:
SquirrelMail
------------
The vendor has released an upgrade that fixes this issue; download it from the vendor's site:
SquirrelMail Upgrade squirrelmail-1.4.3.tar.gz

http://www.squirrelmail.org/download.php

- Vulnerability information (24160)

SquirrelMail 1.x Email Header HTML Injection Vulnerability (EDBID:24160)
linux remote
2004-05-31 Verified
Roman Medina
source: http://www.securityfocus.com/bid/10439/info

SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible. 

Content-Type: application/octet-stream"<script>window.alert(document.cookie)</script>"; name=top_secret.pdf

- Vulnerability information

6514
SquirrelMail mime.php Content-Type XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Multiple webmail products contain a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the Content-Type header when mime.php (or whichever script handles the header's content type) renders it. A specially crafted message can therefore execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2004-05-29 2004-05-22
2004-05-29 Unknown

- Solution

Upgrade to version 1.4.3, 1.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

- Vulnerability information

SquirrelMail Email Header HTML Injection Vulnerability
Input Validation Error; BID 10439
Remote: Yes  Local: No
Published 2004-05-31 12:00:00; updated 2009-07-12 05:16:00
Disclosure of this issue is credited to Roman Medina <roman@rs-labs.com>.

- Affected versions

SquirrelMail SquirrelMail 1.5 Development Version
SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.2.11
SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
+ Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
+ RedHat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
SquirrelMail SquirrelMail 1.2.5
SquirrelMail SquirrelMail 1.2.4
SquirrelMail SquirrelMail 1.2.3
SquirrelMail SquirrelMail 1.2.2
SquirrelMail SquirrelMail 1.2.1
SquirrelMail SquirrelMail 1.2.0
SGI ProPack 3.0
RedHat Linux 9.0 i386
Open Webmail Open Webmail 2.32
Open Webmail Open Webmail 2.31
Open Webmail Open Webmail 2.30

- Not affected versions

SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.3 RC1

- Vulnerability discussion

SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.

- Exploit

No exploit is required to leverage this issue. Successful exploitation is reported to depend on the IMAP server used to parse the offending email. The following proof of concept value of 'Content-Type' has been provided:

Content-Type: application/octet-stream"<script>window.alert(document.cookie)</script>"; name=top_secret.pdf
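As an added example (not part of this advisory and not SquirrelMail's code), the following Python scans the header block of a raw message for a Content-Type value that breaks the RFC 2045 token grammar, the way the PoC above and the identical one under EDB 24160 do, and contrasts an illustrative unescaped rendering of that value with an HTML-escaped one. The two sample messages are constructed, not captured; the render_unsafe/render_safe functions stand in for the bug class (raw header text copied into a page) and are not a copy of mime.php.

```python
"""Added example for CVE-2004-0520 (not SquirrelMail code).

Scans the header block of a raw message for a Content-Type value that breaks
the RFC 2045 grammar, the way the published PoC does, and contrasts an
illustrative unescaped rendering of that value with an HTML-escaped one.
"""
import html
import re

# RFC 2045 "token": any US-ASCII CHAR except SPACE, CTLs and the tspecials ()<>@,;:\"/[]?=
_TOKEN = r"[!#$%&'*+\-.0-9A-Z^_`a-z{|}~]+"
_MEDIA_TYPE_RE = re.compile(rf"^\s*{_TOKEN}/{_TOKEN}\s*$")
# attribute=token or attribute="quoted-string" (quoted-pair allowed inside the quotes)
_PARAM_RE = re.compile(rf'^\s*{_TOKEN}\s*=\s*(?:{_TOKEN}|"(?:[^"\\\r\n]|\\.)*")\s*$')

# Constructed sample messages (not real captures). POC_MESSAGE reproduces the
# Content-Type shape from the published PoC; BENIGN_MESSAGE is a control with a
# folded header line, which a header scanner must unfold before checking.
POC_MESSAGE = (
    b"From: sender@example.invalid\r\n"
    b"To: victim@example.invalid\r\n"
    b"Subject: quarterly figures\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: application/octet-stream"<script>window.alert(document.cookie)</script>"; name=top_secret.pdf\r\n'
    b"\r\n"
    b"ZGF0YQ==\r\n"
)
BENIGN_MESSAGE = (
    b"From: sender@example.invalid\r\n"
    b"To: victim@example.invalid\r\n"
    b"Subject: hello\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain;\r\n"
    b'\tcharset="us-ascii"\r\n'
    b"\r\n"
    b"hi\r\n"
)


def parse_headers(raw):
    """Return [(name, value)] for the header block of a raw message.
    Folded continuation lines (leading SP/HTAB) are joined to the previous
    header; the body after the first blank line is ignored."""
    text = raw.decode("latin-1")
    head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
    headers = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def get_content_type(raw):
    """Raw value of the first Content-Type header, or None if absent."""
    for name, value in parse_headers(raw):
        if name.lower() == "content-type":
            return value
    return None


def content_type_findings(raw):
    """List of findings for each Content-Type header whose media type or
    parameters do not fit the RFC 2045 grammar; [] means syntactically clean.
    Parameters are split on ';' naively, so a ';' inside a quoted value is
    reported as malformed (a false positive, the safe direction for a gateway)."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() != "content-type":
            continue
        media_type, *params = value.split(";")
        if not _MEDIA_TYPE_RE.match(media_type):
            findings.append(f"malformed media type: {media_type.strip()!r}")
        for p in params:
            if not _PARAM_RE.match(p):
                findings.append(f"malformed parameter: {p.strip()!r}")
        if "<" in value or ">" in value:
            findings.append("HTML angle brackets in Content-Type")
    return findings


def render_unsafe(ctype_value):
    """The bug class: header text copied into the page without escaping."""
    return '<div class="attachment">' + ctype_value + "</div>"


def render_safe(ctype_value):
    """Hardened form: escape for an HTML text/attribute context on output."""
    return '<div class="attachment">' + html.escape(ctype_value, quote=True) + "</div>"


if __name__ == "__main__":
    for label, msg in (("poc", POC_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(label, content_type_findings(msg) or "clean")
    ct = get_content_type(POC_MESSAGE)
    print(render_unsafe(ct))
    print(render_safe(ct))
```

The grammar check is deliberately strict: anything that is not `type/subtype` followed by `attribute=token` or `attribute="quoted-string"` is flagged, so it catches the PoC on the stray quote and parentheses even before the angle-bracket check fires. The fix that matters in the webmail itself is the one render_safe shows: escape header-derived text at the point it is written into HTML, regardless of what the IMAP server hands back.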

- Solution

The vendor has released an upgrade dealing with this issue.

This issue has been fixed in the current stable version of Open WebMail.

RedHat has released an advisory (FEDORA-2004-160) to address this and other issues in Fedora Core 2. Please see the referenced advisory for more information.

RedHat has released an advisory (RHSA-2004:240-06) to address this and other issues in Red Hat Enterprise Linux. Please see the advisory in web references for more information.

Gentoo has released a security advisory (GLSA 200406-08) to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
emerge sync
emerge -pv ">=mail-client/squirrelmail-1.4.3"
emerge ">=mail-client/squirrelmail-1.4.3"

SGI has released a security advisory (20040604-01-U) to address this and other issues in SGI ProPack 3. Please see the referenced advisory for more information.

Debian has released security advisory DSA 535-1 with fixes to address this issue.

Conectiva has released a security advisory (CLA-2004:858) to address multiple issues in squirrelmail. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA:1733 along with fixes to address multiple issues in SquirrelMail for RedHat Linux 9. Please see the referenced advisory for further information.



- References

About the SCAP Chinese Community

The SCAP Chinese Community is the first open Chinese-language community devoted to SCAP. For more information, see [About this site].

Copyright notice

CVE, CWE and OVAL are registered trademarks of MITRE; their official data sources are kept on MITRE's websites.