LinuxSecurity.com
Mandriva: [ MDVSA-2009:053 ] squirrelmail
Posted by Benjamin D. Thomas
A vulnerability has been identified and corrected in squirrelmail: Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie (CVE-2008-3663).
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:053
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : squirrelmail
 Date    : February 24, 2009
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been identified and corrected in squirrelmail:
 
 Squirrelmail 1.4.15 does not set the secure flag for the session
 cookie in an https session, which can cause the cookie to be sent in
 http requests and make it easier for remote attackers to capture this
 cookie (CVE-2008-3663).
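
 A check for the condition described above, as an added example that is
 not part of the advisory or of squirrelmail: it audits the Set-Cookie
 headers of an https response for a missing secure flag. The cookie names
 and header values are constructed samples and are assumptions.

```python
# Added example (not SquirrelMail or Mandriva code): audit Set-Cookie headers
# from an HTTPS response for a missing Secure attribute (the CVE-2008-3663 flaw).

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; only the text before '=' is the name,
    # so 'Path=/secure' or a cookie called 'secure_id' must not count as Secure.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(scheme, set_cookie_headers):
    """Return names of cookies set over HTTPS without the Secure attribute.

    set_cookie_headers holds one Set-Cookie header value per list item.
    """
    if scheme.lower() != "https":
        return []  # the advisory's condition applies to https sessions only
    missing = []
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers; the cookie names SQMSESSID and key are assumptions.
SAMPLE_VULNERABLE = [
    "SQMSESSID=constructed-session-id; path=/secure/webmail/",
    "key=constructed-value; Path=/; HttpOnly",
]
SAMPLE_FIXED = [
    "SQMSESSID=constructed-session-id; path=/webmail/; secure; HttpOnly",
    "key=constructed-value; Path=/; Secure",
]

if __name__ == "__main__":
    print("before fix:", cookies_missing_secure("https", SAMPLE_VULNERABLE))
    print("after fix: ", cookies_missing_secure("https", SAMPLE_FIXED))
```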
 
 Additionally many of the bundled plugins have been upgraded. The
 localization has also been upgraded. Basically this is a synchronization
 with the latest squirrelmail package found in Mandriva Cooker. The
 rpm changelog will reveal all the changes (rpm -q --changelog
 squirrelmail).
 
 The updated packages have been upgraded to the latest version of
 squirrelmail to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:

 Corporate 4.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 