• info
• discussion
• exploit
• solution
• references

SquirrelMail SquirrelSpell Remote Shell Command Execution Vulnerability

Solution:
The author of SquirrelSpell has released a patch.

Additionally, this issue was addressed in version 0.3.6 of SquirrelSpell, which ships with SquirrelMail 1.2.4. A number of other issues have been addressed in more recent versions of SquirrelSpell and SquirrelMail. Users are advised to upgrade.


SquirrelMail SquirrelSpell 0.3.5

• Konstantin Riabitsev security_fix.sh
  http://www.dulug.duke.edu/~icon/misc/security_fix.sh.txt


• SquirrelMail squirrelmail-1.2.6
  http://www.squirrelmail.org/download.php