![]() I have tested with squirrelmail 1.4.7, and 1.4.8. The strange part is that this occures only in20 squirrelmail. This vulnerability could also be used in a cross-site scripting attack to hijack an authenticated users session. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. Hi,20 I am searching around to figure out why squirrelmail is sending out all my 20 mail in double ( twice ). An attacker could craft an email message to a SquirrelMail user which, when read by the user, could automatically send email from the users account to any address of the attackers choice. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. That is to say I think our users passwds have been compromised and the spammers are then sending out 100s of messages through Squirrelmail and Postfix. The problem is in -f$envelopefrom within the sendmail command line. The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy. We have seen quite a bit of user accounts that have been targeted by spammers. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. SquirrelMail allows authenticated users to control envelopefrom (Return-Path) address through the webmail web interface. ![]() The problem is in the Deliver_ with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other. To compose a new email in SquirrelMail webmail: Log in to your Domains dashboard. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |