Just after the phpBB website was compromised (see the detailed
explanation on this blog), another big problem has just appeared,
this time on SquirrelMail:
SECURITY: Plugins Security Alert
Feb 05, 2009 by Paul Lesniewski
We are sorry to announce that we've had a security breach with our plugins system. An attacker uploaded at least
four modified plugin packages, which we have since rectified. If you have downloaded any of the following
plugins since January 17, 2009, you should immediately replace them (download them again):
AnnotateMore Server and Mailbox Annotations version 0.2
CAPTCHA version 1.1
Change LDAP Password version 2.2
Sieve Mail Filters version 1.9.7
Ouch! SquirrelMail does not give many details on the impact, but given
that these plugins can touch passwords, this could be very bad …