On Fri, 31 Dec 2004, Tomas Kuliavas wrote:
>
> >> > I was wondering if SquirrelMail is vulnerable
> >> > to the php explots that are making their way
> >> > around the internet?
> >>
> >> You have to be more specific if you want details. SM has not had any
> >> security reports in the past few we
>> > I was wondering if SquirrelMail is vulnerable
>> > to the php explots that are making their way
>> > around the internet?
>>
>> You have to be more specific if you want details. SM has not had any
>> security reports in the past few weeks, and in some cases is better
>> written than some oth
Here is a good explanation. I am pretty sure
SM v1.4.3a has protected the vulnerable calls
(like pack(), unpack() and unserialize()).
http://isc.sans.org/diary.php?date=2004-12-26
and
http://isc.sans.org/diary.php?date=2004-12-25
--
Steve
On Thu, 30 Dec 2004, p dont think wrote:
> > I was wonde
> I was wondering if SquirrelMail is vulnerable
> to the php explots that are making their way
> around the internet?
You have to be more specific if you want details. SM has not had any
security reports in the past few weeks, and in some cases is better
written than some other "do it all" applic
I was wondering if SquirrelMail is vulnerable
to the php explots that are making their way
around the internet?
At this point, most exploits go after the
File Inclusion flaw in php scripts, and it
sounds like SM uses that function.
I am waiting for Slackware to release a new
php package, but I mi
