MacTech | The journal of Apple technology.
Squirrelmail Squirrelmail version 1.4.10a : Security The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. 8 CVE-2009-2964: 352: CSRF 2009-08-25: 2017-09-18 MacTech | The journal of Apple technology. Figure 8. SquirrelMail default attachment size . Uploading large files via a web browser on OS X doesn't really offer much in the way of a progress indicator, and if the connection's slow (like dialup) or flaky (like dialup over a Bluetooth modem connection), then there's always the risk that the SquirrelMail user … Axigen Mail Server - Integrating Axigen with SquirrelMail An example of the above steps, corresponding to a Linux OS (Debian) and version 1.4.20 of SquirrelMail, would be: tar -xzvf squirrelmail-1.4.20.tar.gz mkdir webmail/ cp -Rv squirrelmail-1.4.20/* webmail/ mv webmail/ /var/www/ It is very important to make sure that the contents of this folder are accessible by the user running the web server GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code
308 - Fix bug in sitewide SMTP settings still using authenticated user, rather 309 than configured settings (#1835942). 310 - Fixed mailto: functionality. 311 - Added mailto: link handling when viewing messages. 312 - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions 313 (#1829098).
On 2018年10月31日 10:06, James B. Byrne via squirrelmail-users wrote: > > > On Wed, October 31, 2018 11:45, James B. Byrne via squirrelmail-users > wrote: >> This is ridiculous. How To Configure ISP Mail Server With Virtual Users/Domain
308 - Fix bug in sitewide SMTP settings still using authenticated user, rather 309 than configured settings (#1835942). 310 - Fixed mailto: functionality. 311 - Added mailto: link handling when viewing messages. 312 - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions 313 (#1829098).
Description: A vulnerability was reported in SquirrelMail. A remote authenticated user can execute arbitrary commands on the target system. The initStream() function in 'Deliver_SendMail.class.php' does not properly validate user-supplied input before making a popen() call. I am running squirrelmail 1.4.2 on Redhat Linux ES 2.1 We are seeing problems where mail sent by one user appears to come from a different user. This is NOT the case where several users share one machine. Here are the first Sendmail "Received:" headers from three separate messages, sent by three different users. Interface programming mistakes usually can exploited only by authenticated user. They can lead to hijacking of other users' data or executing scripts with web server user privileges. SquirrelMail developers are trying to prevent such exploits. If you find some way to security of SquirrelMail scripts, inform about it SquirrelMail developers. (SquirrelMail authenticated user adrian.hada) by