Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 354 - Important new version SquirrelMail containing some fixes for security related issues
Summary: Important new version SquirrelMail containing some fixes for security related...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: x86 Linux
: High normal
Assignee: Grant Goodyear (RETIRED)
URL:
Whiteboard:
Keywords: SECURITY
: 355 (view as bug list)
Depends on:
Blocks:
 
Reported: 2002-01-27 04:25 UTC by Ferry Meyndert
Modified: 2003-02-04 19:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ferry Meyndert 2002-01-27 04:25:25 UTC
SquirrelMail Web-based Mail Server Lets Remote Users Execute Arbitrary Code on
the Server 

Date:  Jan 25 2002
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 1.2.2
Description:  A vulnerability was reported in SquirrelMail webmail server. A
remote user can execute arbitrary commands on the server.

It is reported that the spell checker plugin (check_me.mod.php) allows a remote
user to specify commands to be executed on the server. The following type of URL
will reportedly trigger the vulnerability:

host/plugins/squirrelspell/modules/check_me.mod.php?SQSPELL_APP[blah]=wall%
20hello&sqspell_use_ app=blah&attachment_dir=/tmp&username_sqspell_data=plik
Impact:  A remote user can execute commands on the server with the privileges of
the web server.
Solution:  The vendor has released a fixed version (1.2.4), available at:

http://www.squirrelmail.org/download.php

ebuild doesnt need to be changed much. SOrry have to get too work now so i cant
 make a fixed ebuild. BUt if the bug isnt solved yet when i come back i make one.

Ferry Meyndert <m0rpheus@poseidon.mine.nu>
Comment 1 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-27 04:48:11 UTC
*** Bug 355 has been marked as a duplicate of this bug. ***
Comment 2 Ferry Meyndert 2002-01-27 16:51:47 UTC
1.2.4

# Copyright 1999-2001 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# Author Grant Goodyear <g2boojum@gentoo.org>

PLUGINS=${PN}_plugins-20010604
S=${WORKDIR}/${P}
HTTPD_ROOT="/usr/local/httpd/htdocs"

DESCRIPTION="Webmail for nuts!"

SRC_URI="http://prdownloads.sf.net/${PN}/${P}.tar.bz2
       
http://www.squirrelmail.org/countdl.php?fileurl=/archives/cvsroot/${PLUGINS}.tar.gz"
HOMEPAGE="http://www.squirrelmail.org"

DEPEND="dev-lang/php
        net-www/apache"

RDEPEND="virtual/imap"

src_compile() {
        #nothing to compile
        echo "Nothing to compile"
}

src_install () {
        dodir ${HTTPD_ROOT}/${P}
        dosym ${HTTPD_ROOT}/${P} ${HTTPD_ROOT}/${PN}
        cp -r . ${D}/${HTTPD_ROOT}/${P}
        cd ${D}/${HTTPD_ROOT}/${P}/plugins
        tar xvzf ${DISTDIR}/${PLUGINS}.tar
        for name in `ls *.tar.gz`
        do
                tar xvzf ${name}
        done
        cd ${D}/${HTTPD_ROOT}
        chown -R nobody.nobody ${P}
}
Comment 3 Ferry Meyndert 2002-01-27 16:54:27 UTC
bah thats the old one got something mixed up with saving. SO i will post the new
one soon. Argggh
Comment 4 Ferry Meyndert 2002-01-27 17:12:28 UTC
# Copyright 1999-2001 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# Author Grant Goodyear <g2boojum@gentoo.org>


PLUGINS=${PN}-20020127_1200-CVS
S=${WORKDIR}/${P}
HTTPD_ROOT="/usr/local/httpd/htdocs"

DESCRIPTION="Webmail for nuts!"

SRC_URI="http://prdownloads.sf.net/${PN}/${P}.tar.bz2
        
http://www.squirrelmail.org/countdl.php?fileurl=/archives/cvsroot/${PLUGINS}.tar.gz"
HOMEPAGE="http://www.squirrelmail.org"

DEPEND="dev-lang/php
        net-www/apache"

RDEPEND="virtual/imap"

src_compile() {
	#nothing to compile
	echo "Nothing to compile"
}

src_install () {
	dodir ${HTTPD_ROOT}/${P}
	dosym ${HTTPD_ROOT}/${P} ${HTTPD_ROOT}/${PN}
	cp -r . ${D}/${HTTPD_ROOT}/${P}
	cd ${D}/${HTTPD_ROOT}/${P}/plugins
	tar xvzf ${DISTDIR}/${PLUGINS}.tar
	for name in `ls *.tar.gz`
	do
		tar xvzf ${name}
	done
	cd ${D}/${HTTPD_ROOT}
	chown -R nobody.nobody ${P}
Comment 5 Grant Goodyear (RETIRED) gentoo-dev 2002-01-28 18:11:06 UTC
Added to portage; older versions removed.

Comment 6 Grant Goodyear (RETIRED) gentoo-dev 2002-01-28 18:13:01 UTC
I yanked the plugins because the current plugins come from a CVS snapshot.
I don't know how long they keep them available, so I decided not to
mess with them.