Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160241 - CAN-2005-1769 Multiple XSS issues in squirrelmail
Summary: CAN-2005-1769 Multiple XSS issues in squirrelmail
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: squirrelmail
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Warren Togami
QA Contact:
URL:
Whiteboard: public=20050615,impact=moderate,sourc...
: 165094 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-13 19:20 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version: RHSA-2005-595
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-08-03 14:16:04 UTC


Attachments (Terms of Use)
Current upstream patch (deleted)
2005-06-13 19:31 UTC, Josh Bressers
no flags Details | Diff
Latest upstream patch (deleted)
2005-06-14 21:31 UTC, Josh Bressers
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:595 normal SHIPPED_LIVE Moderate: squirrelmail security update 2005-08-03 04:00:00 UTC

Description Josh Bressers 2005-06-13 19:20:59 UTC
We, the SquirrelMail project, plan on publicizing the attached patch
upcoming Wednesday, June 15th 2005. We're sending it here to give you
some advance notice to prepare for this if you want to. Sorry for the
short notice but this was mainly caused by the finding of some
additional issues.

- It contains fixes for several cross site scripting attacks, most by
URL manipulation, and some by sending a specially crafted HTML email.
- The attached patch is tentative; further testing or further revealed
issues may warrant changes between now and the release.
- The patch is made against the 1.4.4-release version of SquirrelMail.
- Please do not disclose information about this vulnerability until
Wednesday.
- Credits to many of the findings go to Martijn Brinkers.

Comment 1 Josh Bressers 2005-06-13 19:26:08 UTC
This issue should also affect RHEL3

Comment 2 Josh Bressers 2005-06-13 19:31:09 UTC
Created attachment 115373 [details]
Current upstream patch

Comment 3 Josh Bressers 2005-06-14 21:31:48 UTC
Created attachment 115434 [details]
Latest upstream patch

Comment 5 Mark J. Cox 2005-06-20 10:19:20 UTC
removing embargo

Comment 7 Red Hat Bugzilla 2005-08-03 14:16:05 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-595.html


Comment 8 Jimmy Cho 2005-08-04 03:24:29 UTC
There is a problem with the patch file
squirrelmail-1.4.3a-CAN-2005-1769.patch

the  line

$abook-error =  htmlspecialchars($abook_error);

should be

$abook->error =  htmlspecialchars($abook_error);


Comment 9 Josh Bressers 2005-08-04 04:12:56 UTC
Jindrich,

If you can roll up some new packages without the typo ASAP.  It seems this bug
breaks all addressbooks in squirrelmail.

This type came from upstream, they fixed it without telling anyone.

Comment 10 Jindrich Novy 2005-08-04 07:50:09 UTC
Josh,

packages with the fixed patch are now added.

Comment 11 Warren Togami 2005-08-04 21:07:40 UTC
*** Bug 165094 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.