Summary
The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:222.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:222
Insight
A vulnerability has been found and corrected in squirrelmail:
All form submissions (send message, change preferences, etc.) in SquirrelMail were previously subject to cross-site request forgery (CSRF), wherein data could be sent to them from an offsite location, which could allow an attacker to inject malicious content into user preferences or possibly send emails without user consent (CVE-2009-2964).
This update provides a solution to this vulnerability.
Affected: Corporate 4.0, Enterprise Server 5.0
Severity
Classification
-
CVE CVE-2009-2964 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities