[MBT] new ticket for pkg squirrelmail "Squirrelmail exploitable"
bugs at pld-linux.org
bugs at pld-linux.org
Tue Dec 30 11:21:08 CET 2003
Date: 2003-12-30 11:21:07+01 Author: Michał Margula (AlchemyX) <alchemyx at pld-linux.org>
Title: Squirrelmail exploitable
Ticket ID: #803
Ticket URL: http://bugs.pld-linux.org/?bug=803
Package: squirrelmail-1.2.11-1
Distribution:
Category: security problem
Current state: opened
Text:
According to http://linux.oreillynet.com/pub/a/linux/2003/12/29/insecurities.html#squ
The web-based email client SquirrelMail is reported to be vulnerable to an attack that may result in arbitrary code being executed with the permissions of the user under which the web server is running. This vulnerability is reported to possibly affect GPG Plug-in version 1.1 and SquirrelMail version 1.4.0.
It is recommended that affected users upgrade to SquirrelMail 1.4.2, which was released in October of 2003.
More information about the pld-bugs
mailing list