=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN549
_____________________________________________________________________

DATE                      : 07/12/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running squirrelmail.

======================================================================
http://www.squirrelmail.org/security/issue/2006-12-02

----------------------------------------------------------------------

Cross site scripting in compose, draft & HTML mail viewing

Date:
     2006-12-02
Description:
     Cross site scripting via malicious input the mailto parameter of
webmail.php, the session and delete_draft parameters of compose.php.
This has been addressed in 1.4.9.

     Cross site scripting via a shortcoming in the magicHTML filter.
This has been addressed in 1.4.9 and improved in 1.4.9a.

Affected Versions:
     1.4.0 - 1.4.9

Register Globals:
     Register_globals does not have to be on for this issue.

CVE id('s):
     CVE-2006-6142

Patch:
     view patch
http://www.squirrelmail.org/patches/1.4.9-security/stable/

Credits:
     Thanks go to Martijn Brinkers for his continuous research that uncovered
these problems.


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================