lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1155299169.21158.17.camel@darwin.os9.nl>
Date: Fri, 11 Aug 2006 14:26:09 +0200
From: Thijs Kinkhorst <kink@...irrelmail.org>
To: squirrelmail-announce@...ts.sourceforge.net
Cc: security@...ftech.org, vuln@...unia.com,
	bugtraq@...urityfocus.com
Subject: SquirrelMail 1.4.8 released - fixes variable overwriting attack

Hello all,

Today SquirrelMail version 1.4.8 has been released with a collection of
bugfixes and an important security fix. It was possible for an
authenticated user to overwrite random variables in the compose.php
script. This may open up possible attack vectors like reading or
overwriting a user's preference file or attachments.

We advise all current SquirrelMail users to upgrade. There's also a
patch available against 1.4.7. The interesting thing is that the
function that contained the flaw was actually broken. The function is
used to resume a compose session of a user that is confronted with a
session timeout after composing a long mail. We've got two patches
available: a minimal one which just removes the code, since it was
broken anyway, and a full version that repairs the functionality and
closes the hole.

SquirrelMail can be downloaded here:
http://www.squirrelmail.org/download.php
The patches can be found here:
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-minimal.patch
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
They also apply against the current development version.

We'd like to thank James Bercegay of GulfTech Security Research for
finding this issue and reporting it to us.


Happy SquirrelMailing!


Thijs Kinkhorst
on behalf of the SquirrelMail team

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ