FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SquirrelMail -- Plug-ins compromise

Affected packages
2.3.4 <= squirrelmail-multilogin-plugin < 2.3.4_2

Details

VuXML ID 0d0237d0-7f68-11de-984d-0011098ad87f
Discovery 2009-07-31
Entry 2009-08-02

Problem Description:

The SquirrelMail Web Server has been compromised, and three plugins are affected.

The port of squirrelmail-sasql-plugin is safe (right MD5), and change_pass is not in the FreeBSD ports tree, but multilogin has a wrong MD5.

References

URL http://sourceforge.net/mailarchive/message.php?msg_name=4A727634.3080008%40squirrelmail.org
URL http://squirrelmail.org/index.php