CentOS Update For Squirrelmail CESA-2009:1490 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.

Affected

squirrelmail on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2009-October/016181.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2964
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Update for 4Suite CESA-2009:1572 centos3 i386
CentOS Update for acpid CESA-2009:1642 centos5 i386
CentOS Security Advisory CESA-2009:1335 (openssl)
CentOS Security Advisory CESA-2009:1036 (ipsec-tools)
CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)

CentOS Update for squirrelmail CESA-2009:1490 centos3 i386

Take action and discover your vulnerabilities