Summary
The remote host is missing an update to squirrelmail announced via advisory DSA 1154-1.
James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.
Solution
For the stable distribution (sarge) this problem has been fixed in version 1.4.4-9.
For the unstable distribution (sid) this problem has been fixed in version 1.4.8-1.
We recommend that you upgrade your squirrelmail package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201154-1
Severity
Classification
CVE: CVE-2006-4019
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N