SquirrelMail Server Compromised, Sourcecode Modified

News

Web Server Security

Phishing

Database Security

Application Server Security

Library

Vulnerability Archive

Secure Development

Web Services

Pen Test

AJAX

Application Firewalls

Main -> Internet Security News

TOPIC'S

Advertising

Old News

About

Resume

Contact

FAQ

Irc

Links

Books

Demos

Papers

Downloads

Advisories

Contributions

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

SquirrelMail Server Compromised, Sourcecode Modified

Posted 12/17/07 by Robert from the pwned like a noob department

According to the Squirrelmail website some of the packages available for download on their site had been modified by an outside intruder. If you are running 1.4.11 or 1.4.12 you are urged to upgrade immediately. From their site

"Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. "

News Link: http://www.squirrelmail.org/
Link to this Story: SquirrelMail Server Compromised, Sourcecode Modified
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed

Discuss this article Find Related Stories