paul-w
Verified User
I updated DA today to the latest 1.48.3 and Apache to 2.4.16 using custombuild.
What prompted this was some spam sucking scum pushed 23,500 messages through one of my user's Squirrelmail account. They don't use Squirrelmail.
Yes, my fault. Should have patched more regularly.
Not sure if the attacker just obtained the user's credentials, exploited a vulnerability in something other than Squirrelmail or - and this is the point of this post - exploited a vulnerability in Squirrelmail itself.
I can't find any high vulnerabilities listed for Squirrelmail and I was running the latest, 1.4.22. The latest is from July 2011 I notice.
I've now uninstalled it. None of my users used it.
What prompted this was some spam sucking scum pushed 23,500 messages through one of my user's Squirrelmail account. They don't use Squirrelmail.
Yes, my fault. Should have patched more regularly.
Not sure if the attacker just obtained the user's credentials, exploited a vulnerability in something other than Squirrelmail or - and this is the point of this post - exploited a vulnerability in Squirrelmail itself.
I can't find any high vulnerabilities listed for Squirrelmail and I was running the latest, 1.4.22. The latest is from July 2011 I notice.
I've now uninstalled it. None of my users used it.