Bugtraq mailing list archives
Re: Horde library Bug part 2
From: John Riddoch <jr () scms rgu ac uk>
Date: Tue, 19 Sep 2000 17:13:51 +0100
Fix: Best solution would be generally not to pass vars to popen(), but rather opening the pipe to Sendmail by calling popen("$default->path_to_Sendmail -t") and putting all available information into the mail header. This requires some extra checking and converting, but secures the system a lot.
There's an update available which should be a more complete fix; from http://horde.org/imp :

The Horde team announces the availability of IMP 2.2.2 -- this version is "part 2" to a security vulnerability present in 2.2.0 (and earlier "pre" releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on production systems are STRONGLY ENCOURAGED to upgrade.

--
John Riddoch Email: jr () scms rgu ac uk Telephone: (01224)262721
http://www.scms.rgu.ac.uk/staff/jr/
Theists think all gods but theirs are false. Atheists simply don't make an exception for the last one.
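The approach described in the quoted fix, sketched as an added example that is not part of the original posts and is not Horde/IMP code: the popen() command line is a constant, and every user-supplied value goes into the message headers after a check for line breaks. The function names, the sendmail path and the `-i` flag are assumptions made for this illustration.

```php
<?php
// Added illustration, not IMP source. SENDMAIL_PATH stands in for
// $default->path_to_Sendmail; the path itself is an assumption.
const SENDMAIL_PATH = '/usr/sbin/sendmail';

// "Extra checking": a header value must not contain CR, LF or NUL,
// otherwise it could start a new header line or end the header block.
function clean_header_value(string $name, string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("Illegal character in $name header");
    }
    return trim($value);
}

// User data only ever ends up in this string, never in the command line.
function build_message(array $headers, string $body): string
{
    $out = '';
    foreach ($headers as $name => $value) {
        if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', (string) $name)) {
            throw new InvalidArgumentException('Illegal header name');
        }
        $out .= $name . ': ' . clean_header_value((string) $name, $value) . "\n";
    }
    $body = str_replace(["\r\n", "\r"], "\n", $body); // normalise line endings
    return $out . "\n" . $body . "\n";
}

function send_via_sendmail(array $headers, string $body): bool
{
    $message = build_message($headers, $body);
    // Constant command: -t makes sendmail read the recipients from the
    // headers; -i (added here) stops a lone "." line from ending the input.
    $pipe = popen(SENDMAIL_PATH . ' -t -i', 'w');
    if ($pipe === false) {
        return false;
    }
    $written = fwrite($pipe, $message);
    return pclose($pipe) === 0 && $written === strlen($message);
}

// Constructed sample input; nothing is sent, the message is only built.
echo build_message(
    ['From' => 'webmail@example.org', 'To' => 'user@example.org', 'Subject' => 'Test'],
    "Hello\r\nworld"
);
try {
    build_message(['To' => "user@example.org\nX-Extra: 1"], '');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```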