ID CVE-2005-2095
Summary options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
References
Vulnerable Configurations
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4
    cpe:2.3:a:squirrelmail:squirrelmail:1.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
    cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a
  • cpe:2.3:a:squirrelmail:squirrelmail:1.44
    cpe:2.3:a:squirrelmail:squirrelmail:1.44
CVSS
Base: 4.3 (as of 13-07-2005 - 18:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite. CVE-2005-2095. Webapps exploit for PHP platform
id EDB-ID:43830
last seen 2018-01-24
modified 2015-07-14
published 2015-07-14
reporter Exploit-DB
source https://www.exploit-db.com/download/43830/
title SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-595.NASL
    description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21950
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21950
    title CentOS 3 / 4 : SquirrelMail (CESA-2005:595)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-595.NASL
    description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19381
    published 2005-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19381
    title RHEL 3 / 4 : squirrelmail (RHSA-2005:595)
  • NASL family CGI abuses
    NASL id SQUIRRELMAIL_145.NASL
    description According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws : - Post Variable Handling Vulnerabilities Using specially crafted POST requests, an attacker may be able to set random variables in the file 'options_identities.php', which could lead to accessing other users' preferences, cross-site scripting attacks, and writing to arbitrary files. - Multiple Cross-Site Scripting Vulnerabilities Using a specially crafted URL or email message, an attacker may be able to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking SquirrelMail sessions.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18504
    published 2005-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18504
    title SquirrelMail < 1.45 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 19463
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19463
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-595-02.NASL
    description An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 04 Aug 2005] The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67029
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67029
    title CentOS 3 / 4 : SquirrelMail (CESA-2005:595-02)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7D52081F279511DABC01000E0C2E438A.NASL
    description A Squirrelmail Advisory reports : An extract($_POST) was done in options_identities.php which allowed for an attacker to set random variables in that file. This could lead to the reading (and possible writing) of other people's preferences, cross site scripting or writing files in webserver-writable locations.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 21456
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21456
    title FreeBSD : squirrelmail -- _$POST variable handling allows for various attacks (7d52081f-2795-11da-bc01-000e0c2e438a)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-756.NASL
    description Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1769 Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. - CAN-2005-2095 James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable for www-data and cross site scripting.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19196
    published 2005-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19196
    title Debian DSA-756-1 : squirrelmail - several vulnerabilities
oval via4
accepted 2013-04-29T04:06:11.499-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
family unix
id oval:org.mitre.oval:def:10500
status accepted
submitted 2010-07-09T03:56:16-04:00
title options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:595
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
bid 14254
bugtraq
  • 20050714 SquirrelMail Arbitrary Variable Overwriting Vulnerability
  • 20050714 [SM-ANNOUNCE] Patch available for CAN-2005-2095
confirm http://www.squirrelmail.org/security/issue/2005-07-13
debian DSA-756
fedora FLSA:163047
misc http://www.gulftech.org/?node=research&article_id=00090-07142005
suse SUSE-SR:2005:018
xf squirrelmail-set-post-variable(21359)
Last major update 21-08-2010 - 00:00
Published 13-07-2005 - 00:00
Last modified 10-10-2017 - 21:30
Back to Top