aru Posted June 16, 2006

Mandriva Advisories MDKSA-2006:101 : squirrelmail

Updated squirrelmail packages fix vulnerabilities

June 14th, 2006

A PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.

Updated packages are patched to address these issues.

The released versions of Mandriva GNU/Linux affected are:

CS3.0

Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:101

Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2842

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
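An added example, not part of the advisory or of SquirrelMail: a Python check that takes an installed SquirrelMail version and the text of a php.ini and reports whether the two preconditions the advisory names (register_globals enabled, magic_quotes_gpc disabled) hold on a version in the affected range. The function names and the sample ini text are constructed for this example, and it assumes php.ini is the only place the two directives are set.

```python
import re

# PHP built-in defaults used when a directive is absent from php.ini
# (register_globals is off by default since PHP 4.2.0, magic_quotes_gpc is on).
PHP_DEFAULTS = {"register_globals": False, "magic_quotes_gpc": True}
TRUTHY = {"1", "on", "true", "yes"}

# Constructed sample input, not taken from a real host.
SAMPLE_INI = """\
; constructed sample php.ini fragment
register_globals = On
magic_quotes_gpc = Off   ; disabled by the administrator
"""

def parse_php_ini(text):
    """Return the effective boolean value of the two directives the advisory names."""
    settings = dict(PHP_DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r"^(register_globals|magic_quotes_gpc)\s*=\s*(.*)$", line, re.I)
        if m:                                         # a later assignment overrides an earlier one
            value = m.group(2).strip().strip("\"'").lower()
            settings[m.group(1).lower()] = value in TRUTHY
    return settings

def version_tuple(version):
    """'1.4.6' -> (1, 4, 6); a suffix such as '-rc1' is ignored (assumption of this example)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-", 1)[0]))

def assess(squirrelmail_version, php_ini_text):
    """Classify a host against the advisory: version range first, then the PHP preconditions."""
    cfg = parse_php_ini(php_ini_text)
    in_range = version_tuple(squirrelmail_version) <= (1, 4, 6)   # "1.4.6 and earlier"
    preconditions = cfg["register_globals"] and not cfg["magic_quotes_gpc"]
    if in_range and preconditions:
        return "exposed", cfg
    if in_range:
        return "affected version, preconditions not met", cfg
    return "not in advisory range", cfg

if __name__ == "__main__":
    print(assess("1.4.6", SAMPLE_INI))
```

A distribution package can carry the fix while keeping the upstream version number, so on a packaged install confirm the package release against the advisory before trusting the version comparison.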