MDKSA-2006:101
- Package name
- squirrelmail
- Date
- 2006-06-14
- Advisory ID
- MDKSA-2006:101
- Affected versions
- CS3.0 i586 , CS3.0 x86_64
Problem description
A PHP remote file inclusion vulnerability in functions/plugin.php
in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and
magic_quotes_gpc is disabled, allows remote attackers to execute
arbitrary PHP code via a URL in the plugins array parameter.
NOTE: this issue has been disputed by third parties, who state that
Squirrelmail provides prominent warnings to the administrator when
register_globals is enabled.
Updated packages are patched to address these issues.
Updated packages
CS3.0 i586
129dc516318e39d58c4fdef7d0a41f02 corporate/3.0/RPMS/squirrelmail-1.4.5-1.3.C30mdk.noarch.rpm 080b141df7eeefff678572a92899a100 corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.3.C30mdk.noarch.rpm 98f98af3cc7d023838dba84c6fb0651c corporate/3.0/SRPMS/squirrelmail-1.4.5-1.3.C30mdk.src.rpm
CS3.0 x86_64
d82bab3f4b286eb2c3ad3bcbe4d0b23c x86_64/corporate/3.0/RPMS/squirrelmail-1.4.5-1.3.C30mdk.noarch.rpm 919fb3eb66dba1d83d19329b04283885 x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.3.C30mdk.noarch.rpm 98f98af3cc7d023838dba84c6fb0651c x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.3.C30mdk.src.rpm