Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - SquirrelMail package compromise InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SquirrelMail package compromise

Published: 2007-12-14
Last Updated: 2007-12-14 11:28:49 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

The SquirrelMail project has posted a notice on their website stating they have found an unofficial modification in the packages for version 1.4.12. They believe this change to have been made through a release maintainer's compromised account.

They are still investigating the changes, which appear to result in an error and do not seem to lead to system compromise. However, they have restored the original, verified packages to Sourceforge. Users having implemented version 1.4.12 of Squirrelmail after December 8th are strongly advised to redownload and reinstall the package.

Thanks to Peter for bringing this to our attention.

0 comment(s)
Diary Archives