From: Steve P. <or...@de...> - 2004-12-31 01:15:08
|
Here is a good explanation. I am pretty sure SM v1.4.3a has protected the vulnerable calls (like pack(), unpack() and unserialize()). http://isc.sans.org/diary.php?date=2004-12-26 and http://isc.sans.org/diary.php?date=2004-12-25 -- Steve On Thu, 30 Dec 2004, p dont think wrote: > > I was wondering if SquirrelMail is vulnerable > > to the php explots that are making their way > > around the internet? > > You have to be more specific if you want details. SM has not had any > security reports in the past few weeks, and in some cases is better > written than some other "do it all" applications and so may not be > vulnerable. Please read http://squirrelmail.org/security/ and if > questions persist, include more specifics and/or try to break it yourself > and let us know how it goes. > > -paul > |