[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2009:0057-01 -- Redhat squirrelmail

ID: oval:org.secpod.oval:def:500548Date: (C)2012-01-31   (M)2023-11-09
Class: PATCHFamily: unix




SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. SquirrelMail users should upgrade to this updated package, which contains a patch to correct this issue. As well, all users who used affected versions of SquirrelMail should review their preferences.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 3
Product:
squirrelmail
Reference:
RHSA-2009:0057-01
CVE-2009-0030
CVE-2009-1580
CVE    2
CVE-2009-0030
CVE-2009-1580
CPE    4
cpe:/a:squirrelmail:squirrelmail
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:4
cpe:/o:redhat:enterprise_linux:3
...

© SecPod Technologies