Linux Today: Linux News On Internet Time.

SquirrelMail Repository Poisoned with Critical Flaw

Dec 19, 2007, 15:15 (0 Talkback[s])

"At the end of last week the SquirrelMail development team placed a public announcement on their website, alerting readers that the primary download repository for SquirrelMail had been compromised, and at least two versions of the popular webmail application had been affected.

"While the modification was minor, a simple change to a PHP global variable, it led to the case where the compromised versions of SquirrelMail would allow arbitrary remote code execution..."

Complete Story

Related Stories: