Re: [SM-USERS] PHP exploit...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Here is a good explanation. I am pretty sure
SM v1.4.3a has protected the vulnerable calls
(like pack(), unpack() and unserialize()).

http://isc.sans.org/diary.php?date=2004-12-26
and
http://isc.sans.org/diary.php?date=2004-12-25

--
Steve

On Thu, 30 Dec 2004, p dont think wrote:

> > I was wondering if SquirrelMail is vulnerable
> > to the php explots that are making their way
> > around the internet?
>
> You have to be more specific if you want details.  SM has not had any
> security reports in the past few weeks, and in some cases is better
> written than some other "do it all" applications and so may not be
> vulnerable.  Please read http://squirrelmail.org/security/ and if
> questions persist, include more specifics and/or try to break it yourself
> and let us know how it goes.
>
>  -paul
>