FreeBSD : SquirrelMail -- Plug-ins compromise (0d0237d0-7f68-11de-984d-0011098ad87f)

high Nessus Plugin ID 40460

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The SquirrelMail Web Server has been compromised, and three plugins are affected.

The port of squirrelmail-sasql-plugin is safe (right MD5), and change_pass is not in the FreeBSD ports tree, but multilogin has a wrong MD5.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?8bfb8b5a

http://squirrelmail.org/index.php

http://www.nessus.org/u?59ae4bd7

Plugin Details

Severity: High

ID: 40460

File Name: freebsd_pkg_0d0237d07f6811de984d0011098ad87f.nasl

Version: 1.10

Type: local

Published: 8/3/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:squirrelmail-multilogin-plugin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/2/2009

Vulnerability Publication Date: 7/31/2009