SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed.
From the SquirrelMail web page:
A remote attacker may be able to supply arbitrary code to be executed in the call to exec() with the privileges of the web server.
Apply an update
Thanks to iDefense for reporting this vulnerability, who in turn credit Karol Wiesek with the discovery of the flaw
|Date First Published:||2005-02-09|
|Date Last Updated:||2005-02-10 22:10 UTC|