Brian G. Peterson said:
> I saw this in the linux rollup of the weekly Bugtraq messages. I thought
> someone should check it out and respond, as well as making sure that SM
> 1.4.0 and the STABLE and DEVEL branches are not affected.
>
> I looked through my bugtraq archive, and searched online, and can't find
> this bugtraq message at all. Is this a re-hash of the stuff that was
> reported on Bugtraq in March/April?
>
> More information about this is available at the URL below.
>
> - Brian Peterson
>
> --- Relevant portions here: ---
> 21. Squirrelmail Multiple Remote Vulnerabilities
> BugTraq ID: 7952
> Remote: Yes
> Date Published: Jun 17 2003 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/7952
OK, I inspected the exploit and in SM 1.4 the exploit isn't there. I don't have SM 1.2.x anymore so I didn't check the older versions. The exploit had to do with setting move_messages GET vars. Current Squirrelmail versions retrieve those vars through POST so the vulnerability disappeared.

Regards,
Marc Groot Koerkamp.