Solution
Please Install the Updated Packages.
Insight
SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation.
The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. (CVE-2009-0030)
SquirrelMail users should upgrade to this updated package, which contains a patch to correct this issue. As well, all users who used affected versions of SquirrelMail should review their preferences.
Affected
squirrelmail on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-0030 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities