what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

squirrel-csrf.txt

squirrel-csrf.txt
Posted May 11, 2007
Authored by Avinash Shenoi, Vivek Relan

SquirrelMail versions 1.4.8-4.fc6 and below are susceptible to a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | c6523cb6f9240785bc1be6778c5fb6692dfcce73d99be8855036977ff696f739

squirrel-csrf.txt

Change Mirror Download

I. BACKGROUND

SquirrelMail is a standards-based webmail package written in PHP.
It includes built-in pure PHP support for the IMAP and SMTP protocols,
and all pages render in pure HTML 4.0 (with no JavaScript required)
for maximum compatibility across browsers. It has very few requirements
and is very easy to configure and install. SquirrelMail has all the
functionality you would want from an email client, including strong MIME
support, address books, and folder manipulation.

II. DESCRIPTION

Squirrel Mail application is vulnerable to Cross Site Request Forgery (CSRF)
vulnerability.

A remote user can perform all the legitimate actions which a normal user can
perform after a logged-in.

This attack is launched because squirrel mail application doesn't have secondary
authentication for actions. That is, application authenticates the request based
on cookie present in it. It does not have any session token which will identify
request as legitimate or not.

Assumption:

* The attacker has knowledge of sites the victim has current authentication on
* The attacker's "target site" has persistent authentication cookies, or the victim
has a current session cookie

III. ANALYSIS

Successful exploitation of this vulnerability would allow an attacker to perform all the action
which a legitimate user can do. For example,
1. Send an E-Mail on behalf of victim.
2. Delete an E-Mail from victim's account.
3. Add a new contact into address book.
4. Create a new folder into victim's account.
5. Change the options/settings of victim's account.
6. Sign Out the victim from current session.

IV. DETECTION

Latest version of squirrel mail 1.4.8-4.fc6 and prior are found vulnerable.

V. WORKAROUND

I. Application should check for Referer Header in every post login request.

II. Application should use CSRF token which is random enough to identify every legitimate post login request.

VI. VENDOR RESPONSE
??

VII. CVE INFORMATION
??

VIII. DISCLOSURE TIMELINE

05/02/2007 Initial vendor notification

??/??/??Initial vendor response

??/??/??Coordinated public disclosure

IX. CREDIT

Avinash Shenoi (savinash@cenzic.com)
Vivek Relan (vivek@cenzic.com)
Cenzic Inc.

X. REFERENCES

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1648

XI. LEGAL NOTICES

Copyright ©

Permission is granted for the redistribution of this alert electronically. It may not be edited
in any way without the express written consent of Cenzic. If you wish to reprint the whole or
any part of this alert in any other medium other than electronically, please email for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing
based on currently available information. Use of the information constitutes acceptance for use
in an AS IS condition. There are no warranties with regard to this information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage
arising from use of, or reliance on, this information.

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close