Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: SquirrelMail package compromise SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SquirrelMail package compromise

The SquirrelMail project has posted a notice on their website stating they have found an unofficial modification in the packages for version 1.4.12. They believe this change to have been made through a release maintainer's compromised account.

They are still investigating the changes, which appear to result in an error and do not seem to lead to system compromise. However, they have restored the original, verified packages to Sourceforge. Users having implemented version 1.4.12 of Squirrelmail after December 8th are strongly advised to redownload and reinstall the package.

Thanks to Peter for bringing this to our attention.


158 Posts
Dec 14th 2007

Sign Up for Free or Log In to start participating in the conversation!