
SANS ISC: SquirrelMail release 1.4.13 - SANS Internet Storm Center


The analysis of the SquirrelMail 1.4.12 code base is in, and it looks more serious than first thought. 1.4.11 appears to have been affected as well, so the project has released 1.4.13 and posted the following announcement:

Due to the package compromise of 1.4.11 and 1.4.12, we are forced to release 1.4.13 to ensure no confusion. While initial review didn't uncover a need for concern, several proofs of concept show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server.

Details and the updated bundles (please remember to check those MD5s and PGP sigs) at
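The checksum half of that advice, as an added example (not SquirrelMail's or ISC's code): it checks downloaded bundles against an md5sum-style manifest and reports altered or missing files. The file names, contents and manifest layout are constructed assumptions; a matching checksum only shows the file equals what the manifest describes, so the PGP signature check remains a separate step.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="md5", chunk=65536):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines: '<hex>  <name>' or '<hex> *<name>' (assumed layout)."""
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if name:  # skips blank lines and lines without a file name
            entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def verify(directory, manifest_text, algo="md5"):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, os.path.basename(name))  # ignore paths in manifest
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        ok = hmac.compare_digest(file_digest(path, algo), expected)
        results[name] = "OK" if ok else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact bundle, one altered after the manifest was made."""
    with tempfile.TemporaryDirectory() as d:
        names = ("example-bundle.tar.gz", "example-bundle.zip")
        for n in names:
            with open(os.path.join(d, n), "wb") as fh:
                fh.write(b"constructed release contents: " + n.encode())
        manifest = "".join(f"{file_digest(os.path.join(d, n))}  {n}\n" for n in names)
        manifest += "0" * 32 + " *example-missing.tar.bz2\n"
        with open(os.path.join(d, names[1]), "ab") as fh:
            fh.write(b"altered after publication")
        return verify(d, manifest)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```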


