SquirrelMail Server Compromised, Source Code Modified
According to the SquirrelMail website, some of the packages available for download on their site were modified by an outside intruder. If you are running 1.4.11 or 1.4.12, you are urged to upgrade immediately. From their site:
"Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server."
News Link: http://www.squirrelmail.org/