[34596] in bugtraq


Re: Squirrelmail Chpasswod bof

daemon@ATHENA.MIT.EDU (Jonathan Angliss)
Mon Apr 19 18:30:37 2004

Date: Sat, 17 Apr 2004 16:31:33 -0500
From: Jonathan Angliss <jon@squirrelmail.org>
Message-ID: <929693338.20040417163133@netdork.net>
To: Matias Neiff <matias@neiff.com.ar>
Cc: bugtraq@securityfocus.com
In-Reply-To: <200404170420.32857.matias@neiff.com.ar>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello Matias,
On Saturday, April 17, 2004, Matias Neiff wrote...

> There is a buffer overflow in the chpasswd binary, distributed with the
> plugin. This allows local users to execute commands as root.

It should be noted that while this is a plugin for SquirrelMail, it is
not distributed as part of the SquirrelMail installation, and
generally not supported by the SquirrelMail development team. However,
due to the issue, we are looking into correcting this problem.

-- 
Jonathan Angliss
(jon@squirrelmail.org)


