<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: Squirrelmail Chpasswod bof

Re: Squirrelmail Chpasswod bof

From: Jonathan Angliss <jon_at_squirrelmail.org>
Date: Sat, 17 Apr 2004 16:31:33 -0500

Hello Matias,
On Saturday, April 17, 2004, Matias Neiff wrote...

> There is a boffer over flow in the chpasswd binary, distributed with the
> plugin. This allow to local's user to execute commands as a root.

It should be noted that while this is a plugin for SquirrelMail, it is
not distributed as part of the SquirrelMail installation, and
generally not supported by the SquirrelMail development team. However,
due to the issue, we are looking into correcting this problem.

-- 
Jonathan Angliss
(jon_at_squirrelmail.org)

Received on Apr 19 2004

This message: [ Message body ]
Next message: Matt Zimmerman: "[SECURITY] [DSA 492-1] New iproute packages fix denial of service"
Previous message: Slackware Security Team: "[slackware-security] tcpdump denial of service (SSA:2004-108-01)"
In reply to: Matias Neiff: "Squirrelmail Chpasswod bof"
Next in thread: martin f krafft: "Re: Squirrelmail Chpasswod bof"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]