Paul Lesniewski wrote:
On 10/9/07, Tomas Kuliavas <tokul@xxxxxxxxxxxxxxxxxxxxx> wrote:

CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are:

CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html
filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a
patches is not enough. If changelog says that CVE-2006-6142 is fixed,
check functions/mime.php and make sure that it is similar to 1.4.10a file
and not to 1.4.9a file.

Yeah, the first thing you do when you have a problem like this is
ensure all your software is up to date. I am shocked the OP lets that
slip by.

Perhaps because it was two in the morning I didn't notice that 1.4.9a
was quite so old :/ It seems odd to me that the RHEL/CentOS team
wouldn't have a more up to date version. I'm sure that the CVEs are
patched though.

Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. mpppolicygroup
5. quota_usage
Available Plugins:
6. translate
7. compatibility
8. spamcop
9. sent_subfolders
10. check_quota

Version of check_quota plugin? PHP register_globals setting?

Per some suggestions in the thread I was able to determine that they are
not using "mailto.php", but rather compose.php:
/var/log/httpd/access_log: - - [07/Oct/2007:21:54:10 -0500]
"GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Wrong log entry. What you have in logs before this redirection is made in
SquirrelMail. This page only displays notice that message is sent.
If you know ip of spammer, check all log entries from that ip address. You
must trace whole path. How do they log in? Is there a legit login for same
account at that time? Which pages are opened?

See the other, original thread about this. The OP should not be
creating duplicate threads with identical information in them.

It's all the same thread if you ask me. There were no newer messages in
the thread, and I just subscribed to the list, so I created a new
message with a link to the old thread in the mailing list archive, and
submitted my information.
However, after about 36 hours it still hadn't arrived on the list, and
someone else replied to the original thread, so I just jumped in.

Have you tried to protect your webmail traffic? Signed SSL certificate
costs less than 20 USD.
This email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>
squirrelmail-users mailing list
Posting Guidelines:
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives:
List Archives:
List Info:
fn:Nick Bright
org:Terra World Communications, LLC
adr:Suite #11;;200 ARCO Place;Independence;KS;67301;USA
title:Network Administrator
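
The advice in the thread to check every log entry from the sender's IP and trace the whole path, as an added example that is not part of the original messages. It assumes Apache common/combined log format and that a POST to src/redirect.php is the SquirrelMail login submission; the log lines and addresses are constructed samples.

```python
import re
from collections import defaultdict

# client ident user [time] "METHOD path proto" status size  (Apache common/combined prefix)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample entries using documentation address ranges; not from the thread.
SAMPLE_LOG = '''\
198.51.100.7 - - [07/Oct/2007:21:40:01 -0500] "GET /webmail/src/login.php HTTP/1.1" 200 2210
198.51.100.7 - - [07/Oct/2007:21:40:09 -0500] "POST /webmail/src/redirect.php HTTP/1.1" 302 -
198.51.100.7 - - [07/Oct/2007:21:41:30 -0500] "POST /webmail/src/compose.php HTTP/1.1" 302 -
198.51.100.7 - - [07/Oct/2007:21:41:31 -0500] "GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
203.0.113.50 - - [07/Oct/2007:21:54:08 -0500] "POST /webmail/src/compose.php HTTP/1.1" 302 -
203.0.113.50 - - [07/Oct/2007:21:54:10 -0500] "GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
203.0.113.50 - - [07/Oct/2007:21:54:11 -0500] "POST /webmail/src/compose.php HTTP/1.1" 302 -
203.0.113.50 - - [07/Oct/2007:21:54:12 -0500] "GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
192.0.2.15 - - [07/Oct/2007:21:55:00 -0500] "GET /webmail/src/login.php HTTP/1.1" 200 2210
'''

def requests_by_ip(log_text):
    """Group parsed requests per client address, preserving log order."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, when, method, path, status = m.groups()
            by_ip[ip].append((when, method, path, int(status)))
    return by_ip

def trace_senders(log_text, sent_marker="compose.php?mail_sent=yes",
                  login_handler="/src/redirect.php"):
    """Report every address that reached the 'message sent' page, with its whole path."""
    report = {}
    for ip, reqs in requests_by_ip(log_text).items():
        sends = sum(1 for _, _, path, _ in reqs if sent_marker in path)
        if sends == 0:
            continue
        # Assumption: a POST to redirect.php is the SquirrelMail login submission.
        login_seen = any(method == "POST" and path.endswith(login_handler)
                         for _, method, path, _ in reqs)
        report[ip] = {"sends": sends, "login_seen": login_seen,
                      "first": reqs[0][0], "last": reqs[-1][0],
                      "path": [f"{m} {p}" for _, m, p, _ in reqs]}
    return report

if __name__ == "__main__":
    for ip, info in trace_senders(SAMPLE_LOG).items():
        print(ip, info["sends"], "sends, login seen:", info["login_seen"])
        for step in info["path"]:
            print("   ", step)
```

An address that shows sends but no login in the same file is the one to follow into older, rotated logs, since the start of its session lies outside the window examined.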