Article ID: 2941, created on Oct 29, 2007, last review on Apr 18, 2012

Applies to: Pro Control Panel Linux

Knowledge ID 2420
Product : Ensim Pro for Linux
Version : 4.1.0
Topic : Hotfix

Title
Hotfix : Security: squirrelmail has cross site scripting vulnerability

Summary
Addresses the issue "Security: squirrelmail has cross site scripting vulnerability (upgrade to 1.4.9a)"

Prevention


Details

Product : Ensim Pro for Linux
Version : 4.1.0 (Fedora Core 1, Fedora Core 2, Red Hat Enterprise Linux 3ES, Red Hat Enterprise Linux 4ES)
Date :  09-January-2007
Description :

http://squirrelmail.org/security/issue/2006-12-02
Cross-site scripting vulnerability via malicious input to the mailto parameter of webmail.php and the session and delete_draft parameters of compose.php. This has been addressed in 1.4.9a.
Cross-site scripting vulnerability via a shortcoming in the magicHTML filter. This has been addressed in 1.4.9 and improved in 1.4.9a.
Affected Versions: 1.4.0 - 1.4.9
Register Globals: register_globals does not have to be on for this issue.
This hotfix resolves the issue on Ensim Pro for Linux v4.1.0 for the following operating systems:
Fedora Core 1 (FC1)
Fedora Core 2 (FC2)
RHEL3ES
RHEL4ES
       
              
Download :

For fc1:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/fc1/virtualhosting-fst-sqmail-4.1.0-14.fc.1.i386.rpm
md5sum: 497fcdf396bc6a10be73cee2deb911cb

For fc2:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/fc2/virtualhosting-fst-sqmail-4.1.0-14.fc.2.i386.rpm
md5sum: 11b9fec20c79dd60c690101881702a2e

For RHEL3:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/rhel3/virtualhosting-fst-sqmail-4.1.0-14.rhel.3ES.i386.rpm
md5sum: ccfc3675c982bf4ad348eb3f81a24db2

For RHEL4:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/rhel4/virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm
md5sum: fc96d5879e755b2410457bdfb7e03434

Installation Procedure:
The following instructions need to be executed by the end customer in order to apply this fix:

  1. rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.*.rpm
  2. set_pre_maintenance && set_maintenance && set_post_maintenance
  3. service webppliance restart
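
The download and installation steps above can be gated on the published md5sum so that a truncated or substituted package is never passed to rpm. The script below is an added example, not part of the original hotfix; the function names (expected_md5, verify_rpm, install_hotfix) are assumptions chosen for illustration. MD5 is the only digest this article publishes, so the check confirms the file matches the listed value and nothing stronger.

```shell
#!/bin/sh
# Added example: check a downloaded hotfix RPM against the md5sum listed in
# this article, then run the article's three installation steps.

# Print the md5sum published in this article for a given RPM file name.
expected_md5() {
    case "$(basename "$1")" in
        virtualhosting-fst-sqmail-4.1.0-14.fc.1.i386.rpm)
            echo 497fcdf396bc6a10be73cee2deb911cb ;;
        virtualhosting-fst-sqmail-4.1.0-14.fc.2.i386.rpm)
            echo 11b9fec20c79dd60c690101881702a2e ;;
        virtualhosting-fst-sqmail-4.1.0-14.rhel.3ES.i386.rpm)
            echo ccfc3675c982bf4ad348eb3f81a24db2 ;;
        virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm)
            echo fc96d5879e755b2410457bdfb7e03434 ;;
        *) return 1 ;;   # not one of the four packages named here
    esac
}

# verify_rpm FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if the file is unknown or unreadable.
verify_rpm() {
    file=$1
    want=$2
    if [ -z "$want" ]; then
        want=$(expected_md5 "$file") || {
            echo "no published md5sum for: $file" >&2; return 2; }
    fi
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    got=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "md5 mismatch for $file: got $got, want $want" >&2
        return 1
    fi
}

# Run the article's steps only if the checksum matches. Run as root.
install_hotfix() {
    verify_rpm "$1" || return 1
    rpm -Uvh "$1" &&
    set_pre_maintenance && set_maintenance && set_post_maintenance &&
    service webppliance restart
}

# Usage, after sourcing this file:
#   install_hotfix ./virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm
```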

Last Modified: 1/8/2007 11:54:41 PM; Usage: 52; Last Used: 10/11/2007 2:46:25 AM