Bugtraq mailing list archives
Re: Vulnerability in HP OpenMail
From: richi () HP COM (Richi Jennings)
Date: Thu, 23 Apr 1998 14:31:07 +0100
dej wrote...
The good news is that mail users have their own Unix UIDs on the server. The real problem is situations where the sysadmin has denied users regular login access to the mail server, possibly by putting "*" in the password field. This is standard practice as a security measure. If you have done this on your OpenMail server, then you may want to check your security measures carefully - your users can get the equivalent of shell whether you allow it or not.
This is a generic issue with any program that permits shell escapes. It is generally-accepted good practice to set up UNIX users with an appropriately-configured restricted shell. Relying on a '*' in the password field is not sufficient--that only means "deny logon", not "deny arbitrary shell command." For even tighter security, the shell can be reset to /bin/true , but that would not of course allow a user to call lp. OpenMail administrators can also look into the OpenMail "print server" functionality, particularly the documentation on the general.cfg setting UAL_PRINT_SERVER_ONLY in the OpenMail Technical Guide. Regards, richi. -- Richi Jennings <richi () hp com> Phone: +44 (0)1344-365870 or HPT316-5870 OpenMail Outbound & Technical Pager: richi-beep () pwd hp com HP Communications Software Oper. UK http://www.hp.com/go/openmail
Current thread:
- NT configuration caution George (Apr 20)
- Re: NT configuration caution seifried () SEIFRIED ORG (Apr 20)
- lastx.c v2.0 Ryan (Apr 19)
- Re: NT configuration caution David LeBlanc (Apr 21)
- Re: NT configuration caution Zacharopoulos Dimitris (Apr 21)
- New IE4 bug w/Active Desktop installed Brian Krahmer (Apr 21)
- Re: New IE4 bug w/Active Desktop installed Max Vision (Apr 21)
- Vulnerability in HP OpenMail David Jones (Apr 21)
- Re: Vulnerability in HP OpenMail Richi Jennings (Apr 23)
- smbmount problem? Chris Evans (Apr 21)
- Re: smbmount problem? Czako Krisztian (Apr 21)
- Re: NT configuration caution David LeBlanc (Apr 21)
- Re: NT configuration caution Tim Newsham (Apr 21)
- hole in Inet Explorer Cacaio Torquato (Nov 04)
- Re: NT configuration caution David LeBlanc (Apr 22)
- Linux possible problem? Kyle McLerren (Apr 22)
- Vulnerability in OpenBSD, FreeBSD-stable lprm. Niall Smart (Apr 22)
- Re: NT configuration caution seifried () SEIFRIED ORG (Apr 20)