Mandrake Security Advisory MDVSA-2009:222 (squirrelmail) Network Vulnerability

Summary

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:222.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:222

Insight

A vulnerability has been found and corrected in squirrelmail: All form submissions (send message, change preferences, etc.) in SquirrelMail were previously subject to cross-site request forgery (CSRF), wherein data could be sent to them from an offsite location, which could allow an attacker to inject malicious content into user preferences or possibly send emails without user consent (CVE-2009-2964). This update provides a solution to this vulnerability. Affected: Corporate 4.0, Enterprise Server 5.0

Severity

Classification

CVE CVE-2009-2964
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:186 (firebird)
Mandrake Security Advisory MDVSA-2009:031 (avahi)
Mandrake Security Advisory MDVSA-2009:160 (ruby)
Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:175 (pango)

Take action and discover your vulnerabilities