Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - SquirrelMail Repository Poisoned->

Submitted by
SkiifGeek
SkiifGeek writes "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

SquirrelMail Repository Poisoned

Comments Filter:

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...