Vigil@nce: SquirrelMail, Cross Site Scripting
December 2008 by Vigil@nce
SYNTHESIS
An attacker can send an HTML email in order to trigger a Cross Site
Scripting attack in the web browser of victims who read this email
with SquirrelMail.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/12/2008
IMPACTED PRODUCTS
– Debian Linux
– Fedora
– OpenSUSE
– SuSE Linux
– SUSE LINUX Enterprise Server
– Unix - platform
DESCRIPTION
The SquirrelMail server can be used to read a mailbox using a web
browser.
When an HTML document contains a link, the following syntax is
generally used:
...
Quotes are not required if the URL does not contain spaces.
SquirrelMail reconstructs the tag, but does not add quotes around
its attribute. An attacker can therefore use a URL containing a
space in order to inject HTML code into the generated page.
An attacker can thus send an HTML email in order to trigger a Cross
Site Scripting attack in the web browser of victims who read this
email with SquirrelMail.
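The quoting problem described above, as an added example that is not SquirrelMail's code (SquirrelMail is written in PHP; Python is used here only to show the parsing effect). The function names and the sample URL are hypothetical, and the sample uses a harmless marker attribute to show how a space ends an unquoted value and how quoting plus escaping contains it.

```python
from html import escape
from html.parser import HTMLParser


def rebuild_unquoted(tag, attrs):
    """Pattern from the advisory: attribute values are emitted without quotes."""
    return "<" + tag + "".join(f" {k}={v}" for k, v in attrs) + ">"


def rebuild_quoted(tag, attrs):
    """Hardened form: escape every value and always wrap it in double quotes."""
    parts = "".join(f' {k}="{escape(v, quote=True)}"' for k, v in attrs)
    return "<" + tag + parts + ">"


class _AttrCollector(HTMLParser):
    """Records the attributes of the start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs = attrs


def parsed_attrs(markup):
    """Return the (name, value) pairs an HTML parser extracts from markup."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


# Constructed sample: one href whose value contains a space followed by
# text shaped like a second attribute (a benign marker, not a payload).
SAMPLE = [("href", "http://example.test/page data-injected=1")]

if __name__ == "__main__":
    for rebuild in (rebuild_unquoted, rebuild_quoted):
        markup = rebuild("a", SAMPLE)
        print(f"{rebuild.__name__}: {markup}")
        print(f"  parser sees: {parsed_attrs(markup)}")
```

Without quotes the parser reports two attributes for a tag that was given one; with escaping and quotes the whole string stays inside `href`.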
CHARACTERISTICS
Identifiers: BID-32603, CVE-2008-2379, DSA 1682-1,
FEDORA-2008-10740, FEDORA-2008-10748, FEDORA-2008-10918,
SUSE-SR:2008:027, VIGILANCE-VUL-8285