Security

1.4.12 and 1.4.11 Package Compromise

Date:

2007-12-13

Description:

The SquirrelMail packages of 1.4.12 and 1.4.11 were externally modified after release through a cracked sourceforge.net developer account. The inserted code can allow for remote PHP code execution in many environments. Updated packages have been published as well as a 1.4.13 version to solve any confustion.

Affected Versions:

1.4.11&12

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

CVE-2007-6348

Patch:

n/a

Credits:

This page last updated:

2007-12-15 10:15:00