Bugtraq mailing list archives
Re: IMAPD security problems ?
From: Ian_MacPhedran () MACKENZIE USASK CA (Ian MacPhedran)
Date: Thu, 4 Jul 1996 16:18:10 -0600
On Thu, 4 Jul 1996, Zvi Bar-Deroma wrote:
One or 2 months ago there were some discussions concerning possible vulnerabilities in POPd (+ a suggestion for a "safe" server). I wonder whether these (or any other) vulnerabilities are known to exist in IMAP (specifically the version available from the uni. of Washington, home of "pine"). I did check that a "simple" simulated crack fails - after 3 bad pw's the connection is closed and one has to reconnect. /Zvika
Well, I'm not sure if you'd count this a vulnerability or not, but IMAPD will allow users to read any files via their mailreader that they have permission to read. (E.g. they can see the /etc/passwd file on your mail server.) This might be a potential problem for places where they don't allow interactive logins, and feel that people can't see files because of that restriction. Ian. ---------------------------------------------------------------------------- Ian MacPhedran, Engineering Computer Centre, 2B13 Engineering Building, University of Saskatchewan, 57 Campus Drive, Saskatoon SK S7N 5A9, CANADA Phone: (306)966-4832 Fax: (306)966-5205 Email: Ian_MacPhedran () engr USask CA
Current thread:
- Re: Solaris mailx hole, (continued)
- Re: Solaris mailx hole Andy Dills (Jul 02)
- CD4300 series BUG DANIEL .D .EZEKIEL (Jul 02)
- Re: BoS: Re: Solaris mailx hole Travis Hassloch x231 (Jul 02)
- Re: Solaris mailx hole Dave Roberts (Jul 03)
- Re: Solaris mailx hole Andy Dills (Jul 03)
- [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 [Forwarded e-mail from Jeff Uphoff (Jul 03)
- BoS: *** SECURITY ALERT *** (fwd) Michael Brennen (Jul 03)
- BoS: *** SECURITY ALERT *** (fwd) Mark_W_Loveless () smtp bnr com (Jul 04)
- IIS bug test Paolo Taraboi (Jul 04)
- IMAPD security problems ? Zvi Bar-Deroma (Jul 04)
- Re: IMAPD security problems ? Ian MacPhedran (Jul 04)
- Re: Solaris mailx hole Josef Buergler (Jul 02)
- Re: Solaris mailx hole Rick Otten (Jul 03)