
SquirrelMail Repository Poisoned

Submitted by SkiifGeek
SkiifGeek writes "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."
