Technical Description

Several vulnerabilities were reported in SquirrelMail, which could be exploited by attackers to include arbitrary code or inject HTML scripts. The first flaw resides in the "prefs.php" script which can allow an attacker to provide a specially crafted URL that could include local files into the SquirrelMail code. The second vulnerability is due to an insufficient checking of incoming URL vars in the "src/webmail.php" file, which may allow attackers to include arbitrary remote web pages in the SquirrelMail frameset. The third issue results from an insufficient escaping of integer variables in "src/webmail.php" and can be exploited to inject HTML/script-code into a SquirrelMail webpage.

Affected Products

SquirrelMail versions 1.4.0-RC1 to 1.4.4-RC1

Solution

Use SquirrelMail version 1.4.4 :
http://www.squirrelmail.org/download.php
Or Apply patches :
http://cvs.sf.net/viewcvs.py/squirrelmail/squirrelmail/

References

http://www.vupen.com/english/advisories/2005/0057
http://www.squirrelmail.org/security/issue/2005-01-14
http://www.squirrelmail.org/security/issue/2005-01-19
http://www.squirrelmail.org/security/issue/2005-01-20

Credits

Vulnerabilities reported by Jimmy Conner, Manoel Zaninetti and SquirrelMail developers.

ChangeLog

2005-01-24 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.