squirrelmail-1.4.8-5.10AXS3
Errata ID: AXSA:2009-409:02
Release date:
2009/10/13 Tuesday - 15:23
Subject:
squirrelmail-1.4.8-5.10AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
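The following issues have been addressed.
[Security Fix]
- squirrelmail contains multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified users via features such as sending messages and changing preferences. (CVE-2009-2964)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.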
CVE:
CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
Additional information:
N/A
Downloads:
SRPMS
- squirrelmail-1.4.8-5.10AXS3.src.rpm
MD5: 3d390b15765b36c1efbdaabd2505582c
SHA-256: 55ab1d80959fe2b7a9656c7e4f7de98c5329e975c772f0e606ca623fea6943eb
Size: 3.01 MB
Asianux Server 3 for x86
- squirrelmail-1.4.8-5.10AXS3.noarch.rpm
MD5: 5f2c289fb15d6205763c605c1bb54e56
SHA-256: 368f34cdbec04a41df9f8063262e755516a2ca2dc084e4609785768ccfd8dbb7
Size: 4.28 MB
Asianux Server 3 for x86_64
- squirrelmail-1.4.8-5.10AXS3.noarch.rpm
MD5: b7a1d7cc648e045e840e51753b6b2830
SHA-256: 3c31e0d10241b1768d8899fd79251b57e2cd7ba6b40cce87fd226dcbef8e43a1
Size: 4.28 MB