SquirrelMail - Remote hacker automatic control
Version: | 1.4.11 to 1.4.12 |
Technical Details: | The primary repository for SquirrelMail was poisoned, with versions 1.4.11 and 1.4.12 being altered to make them vulnerable to an arbitrary remote code execution condition. |
Description: |
It was recently discovered that the primary download repositories for SquirrelMail, the popular PHP-based webmail application, were compromised by unknown parties and two recent versions of the software were modified to introduce a critical vulnerability. The introduced vulnerability would allow a remote attacker to run software of their choice on a victim's server that is running SquirrelMail. |
Mitigation: |
Update to version 1.4.13 of SquirrelMail and ensure that the signatures match the packages. |
Updates: |
http://www.squirrelmail.org/download.php |
Source: |
http://www.squirrelmail.org/ and http://www.cgisecurity.com/2007/12/13 |
Exploits: |
Not publicly available |
External Tracking Data: | Not yet Identified |
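
The Mitigation field says to confirm that downloaded packages match their published signatures. The following is an added example, not code from SquirrelMail or from this advisory: it checks a file against a SHA-256 checksum list in the common `sha256sum` layout. It assumes the list was obtained through a channel independent of the download server. The file names and contents are constructed for the demonstration, and a digest comparison is not a substitute for verifying a cryptographic signature where the project publishes one.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse 'sha256sum'-style lines: '<hex digest>  <name>' ('*' may precede name)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        entries[name] = digest.lower()
    return entries

def file_sha256(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_package(path, manifest_text):
    """Return 'ok', 'mismatch', or 'unlisted' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no reference digest: treat as unverified, not as good
    return "ok" if hmac.compare_digest(file_sha256(path), expected) else "mismatch"

def demo():
    """Constructed sample files; names and contents are made up for illustration."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("good.tar.gz", "tampered.tar.gz", "unlisted.tar.gz")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"constructed archive bytes\n")
        manifest = "".join(f"{file_sha256(p)}  {os.path.basename(p)}\n" for p in paths[:2])
        with open(paths[1], "ab") as fh:  # modify after the manifest was published
            fh.write(b"extra bytes")
        return [verify_package(p, manifest) for p in paths]

if __name__ == "__main__":
    print(demo())
```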