From: Marc G. K. <ma...@sq...> - 2003-06-23 19:08:44
Brian G. Peterson said:
> I saw this in the linux rollup of the weekly Bugtraq messages. I thought
> someone should check it out and respond, as well as making sure that SM
> 1.4.0 and the STABLE and DEVEL branches are not affected.
>
> I looked through my bugtraq archive, and searched online, and can't find
> this bugtraq message at all. Is this a re-hash of the stuff that was
> reported on Bugtraq in March/April?
>
> More information about this is available at the URL below.
>
> - Brian Peterson
>
> --- Relevant portions here: ---
> 21. Squirrelmail Multiple Remote Vulnerabilities
> BugTraq ID: 7952
> Remote: Yes
> Date Published: Jun 17 2003 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/7952

Ok, I inspected the exploit and in SM 1.4 the exploit isn't there. I don't have SM 1.2.x anymore so I didn't check the older versions. The exploit had to do with setting move_messages GET vars. Current Squirrelmail versions retrieve those vars through POST so the vulnerability disappeared.

Regards,
Marc Groot Koerkamp.