[Secure-testing-team] Bug#543818: CVE-2009-2964: Multiple cross-site request forgery (CSRF) vulnerabilities

Giuseppe Iuculano giuseppe at iuculano.it
Thu Aug 27 06:56:11 UTC 2009


Package: squirrelmail
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for squirrelmail.

CVE-2009-2964[0]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in
| SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the
| authentication of unspecified victims via features such as send
| message and change preferences, related to (1)
| functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3)
| src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6)
| src/folders_create.php, (7) src/folders_delete.php, (8)
| src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10)
| src/folders_subscribe.php, (11) src/move_messages.php, (12)
| src/options.php, (13) src/options_highlight.php, (14)
| src/options_identities.php, (15) src/options_order.php, (16)
| src/search.php, and (17) src/vcard.php.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964
    http://security-tracker.debian.net/tracker/CVE-2009-2964

Cheers,
Giuseppe
