漏洞信息详情
SquirrelMail ‘compose.php’多个信息泄露及数据修改漏洞
- CNNVD编号:CNNVD-200608-191
- 危害等级: 中危
![图片[1]-SquirrelMail ‘compose.php’多个信息泄露及数据修改漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-07-03/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2006-4019
- 漏洞类型:
输入验证
- 发布时间:
2006-06-01
- 威胁类型:
远程
- 更新时间:
2006-08-21
- 厂 商:
squirrelmail - 漏洞来源:
Thijs Kinkhorst ki… -
漏洞简介
SquirrelMail是一个多功能的用PHP4实现的Webmail程序,可运行于Linux/Unix类操作系统下。
SquirrelMail在处理邮件操作时存在漏洞,远程攻击者可能利用此漏洞执行某些非授权操作。
认证用户可以覆盖SquirrelMail的compose.php脚本中的随机变量,这可能导致读取或覆盖用户的偏好文件或附件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-minimal.patch
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
参考网址
来源: www.squirrelmail.org
链接:http://www.squirrelmail.org/security/issue/2006-08-11
来源: MISC
链接:http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
来源: VUPEN
名称: ADV-2006-3271
链接:http://www.frsirt.com/english/advisories/2006/3271
来源: SECUNIA
名称: 21354
链接:http://secunia.com/advisories/21354
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-577
来源: XF
名称: squirrelmail-compose-variable-overwrite(28365)
链接:http://xforce.iss.net/xforce/xfdb/28365
来源: BID
名称: 19486
链接:http://www.securityfocus.com/bid/19486
来源: BUGTRAQ
名称: 20060811 SquirrelMail 1.4.8 released – fixes variable overwriting attack
链接:http://www.securityfocus.com/archive/1/archive/1/442993/100/0/threaded
来源: BUGTRAQ
名称: 20060811 rPSA-2006-0152-1 squirrelmail
链接:http://www.securityfocus.com/archive/1/archive/1/442980/100/0/threaded
来源: OSVDB
名称: 27917
来源: SECTRACK
名称: 1016689
链接:http://securitytracker.com/id?1016689
来源: SECUNIA
名称: 21444
链接:http://secunia.com/advisories/21444
来源: FULLDISC
名称: 20060811 rPSA-2006-0152-1 squirrelmail
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m=115532449024178&w=2
来源: VIM
名称: 20060811 SquirrelMail issue is dynamic variable evaluation
链接:http://attrition.org/pipermail/vim/2006-August/000970.html
来源: BID
名称: 25159
链接:http://www.securityfocus.com/bid/25159
来源: REDHAT
名称: RHSA-2006:0668
链接:http://www.redhat.com/support/errata/RHSA-2006-0668.html
来源: SUSE
名称: SUSE-SR:2006:023
链接:http://www.novell.com/linux/security/advisories/2006_23_sr.html
来源: MANDRIVA
名称: MDKSA-2006:147
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
来源: VUPEN
名称: ADV-2007-2732
链接:http://www.frsirt.com/english/advisories/2007/2732
来源: DEBIAN
名称: DSA-1154
链接:http://www.debian.org/security/2006/dsa-1154
来源: SECUNIA
名称: 26235
链接:http://secunia.com/advisories/26235
来源: SECUNIA
名称: 22487
链接:http://secunia.com/advisories/22487
来源: SECUNIA
名称: 22104
链接:http://secunia.com/advisories/22104
来源: SECUNIA
名称: 22080
链接:http://secunia.com/advisories/22080
来源: SECUNIA
名称: 21586
链接:http://secunia.com/advisories/21586
来源: APPLE
名称: APPLE-SA-2007-07-31
链接:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
来源: MANDRIVA
名称: MDKSA-2006:147
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:147
来源: docs.info.apple.com
链接:http://docs.info.apple.com/article.html?artnum=306172
来源: SGI
名称: 20061001-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
