CVE-2006-0188
CVSS 4.3
Published: 2006-02-23 19:02:00
Last revised: 2011-03-07 21:29:32

[Original] webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.


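[CNNVD] SquirrelMail IMAP/SMTP command injection vulnerability (CNNVD-200602-354)

        SquirrelMail is a popular web-based mail service program.
        SquirrelMail provides a graphical interface for interacting with mail servers over the IMAP and SMTP protocols. During normal use of these applications, SquirrelMail does not properly validate the commands and information passed to the mail server, which allows a malicious authenticated user to inject arbitrary IMAP/SMTP commands into the mail server during communication by using the sqimap_mailbox_select command parameter of the SquirrelMail webmail front end.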

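- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]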

- CPE (affected platforms and products)

cpe:/a:squirrelmail:squirrelmail:1.4.6_rc1
cpe:/a:squirrelmail:squirrelmail:1.4.3a
cpe:/a:squirrelmail:squirrelmail:1.4.4
cpe:/a:squirrelmail:squirrelmail:1.4_rc1
cpe:/a:squirrelmail:squirrelmail:1.4.3_r3
cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1
cpe:/a:squirrelmail:squirrelmail:1.4.1
cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1
cpe:/a:squirrelmail:squirrelmail:1.4.3
cpe:/a:squirrelmail:squirrelmail:1.4.2
cpe:/a:squirrelmail:squirrelmail:1.4
cpe:/a:squirrelmail:squirrelmail:1.4.5

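- OVAL (technical details for detection)

oval:org.mitre.oval:def:10419
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right...
* OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.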

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0188
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-354
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/24847
(UNKNOWN)  XF  squirrelmail-webmail-xss(24847)
http://www.vupen.com/english/advisories/2006/0689
(UNKNOWN)  VUPEN  ADV-2006-0689
http://www.squirrelmail.org/security/issue/2006-02-01
(UNKNOWN)  CONFIRM  http://www.squirrelmail.org/security/issue/2006-02-01
http://www.securityfocus.com/bid/16756
(UNKNOWN)  BID  16756
http://securitytracker.com/id?1015662
(UNKNOWN)  SECTRACK  1015662
http://secunia.com/advisories/18985
(VENDOR_ADVISORY)  SECUNIA  18985
http://www.redhat.com/support/errata/RHSA-2006-0283.html
(UNKNOWN)  REDHAT  RHSA-2006:0283
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html
(UNKNOWN)  FEDORA  FEDORA-2006-133
http://www.novell.com/linux/security/advisories/2006_05_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:049
(UNKNOWN)  MANDRIVA  MDKSA-2006:049
http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml
(UNKNOWN)  GENTOO  GLSA-200603-09
http://www.debian.org/security/2006/dsa-988
(UNKNOWN)  DEBIAN  DSA-988
http://secunia.com/advisories/20210
(UNKNOWN)  SECUNIA  20210
http://secunia.com/advisories/19960
(UNKNOWN)  SECUNIA  19960
http://secunia.com/advisories/19205
(UNKNOWN)  SECUNIA  19205
http://secunia.com/advisories/19176
(UNKNOWN)  SECUNIA  19176
http://secunia.com/advisories/19131
(UNKNOWN)  SECUNIA  19131
http://secunia.com/advisories/19130
(UNKNOWN)  SECUNIA  19130
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

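- Vulnerability information

SquirrelMail IMAP/SMTP command injection vulnerability
Medium risk  Cross-site scripting
2006-02-23 00:00:00 2006-02-24 00:00:00
Remote
        SquirrelMail is a popular web-based mail service program.
        SquirrelMail provides a graphical interface for interacting with mail servers over the IMAP and SMTP protocols. During normal use of these applications, SquirrelMail does not properly validate the commands and information passed to the mail server, which allows a malicious authenticated user to inject arbitrary IMAP/SMTP commands into the mail server during communication by using the sqimap_mailbox_select command parameter of the SquirrelMail webmail front end.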

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://www.squirrelmail.org/security/issue/2006-02-15

- Vulnerability information (F44579)

Gentoo Linux Security Advisory 200603-9 (PacketStormID:F44579)
2006-03-13 00:00:00
Gentoo  security.gentoo.org
advisory,php,imap,xss
linux,gentoo
CVE-2006-0188,CVE-2006-0195,CVE-2006-0377

Gentoo Linux Security Advisory GLSA 200603-09 - SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting. Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting. Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection. Versions less than 1.4.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: SquirrelMail: Cross-site scripting and IMAP command
            injection
      Date: March 12, 2006
      Bugs: #123781
        ID: 200603-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

SquirrelMail is vulnerable to several cross-site scripting
vulnerabilities and IMAP command injection.

Background
==========

SquirrelMail is a webmail package written in PHP. It supports IMAP and
SMTP protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  mail-client/squirrelmail       < 1.4.6                   >= 1.4.6

Description
===========

SquirrelMail does not validate the right_frame parameter in
webmail.php, possibly allowing frame replacement or cross-site
scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered
that MagicHTML fails to handle certain input correctly, potentially
leading to cross-site scripting (only Internet Explorer,
CVE-2006-0195). Vicente Aguilera reported that the
sqimap_mailbox_select function did not strip newlines from the mailbox
or subject parameter, possibly allowing IMAP command injection
(CVE-2006-0377).

Impact
======

By exploiting the cross-site scripting vulnerabilities, an attacker can
execute arbitrary scripts running in the context of the victim's
browser. This could lead to a compromise of the user's webmail account,
cookie theft, etc. A remote attacker could exploit the IMAP command
injection to execute arbitrary IMAP commands on the configured IMAP
server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SquirrelMail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.6"

Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.

References
==========

  [ 1 ] CVE-2006-0188
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188
  [ 2 ] CVE-2006-0195
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195
  [ 3 ] CVE-2006-0377
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information

23384
SquirrelMail webmail.php right_frame Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-02-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.4.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
