Date: Sun, 16 Oct 2005 06:22:27 GMT From: Stefan Norman <stefan@hostcore.com.au> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/87508: option request for mail/imap-uw Message-ID: <200510160622.j9G6MRPF039717@www.freebsd.org> Resent-Message-ID: <200510160630.j9G6UFho079393@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 87508 >Category: ports >Synopsis: option request for mail/imap-uw >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Oct 16 06:30:15 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Stefan Norman >Release: FreeBSD 4.11-RELEASE / 5.4-RELEASE i386 >Organization: HostCore Australia >Environment: >Description: By default IMAP-UW will allow users to traverse the filesytem and access any file that they could access locally, including /etc/passwd etc. For providers giving out accounts for mail only this creates an unneccesary risk. See http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 for vendor description, it's simply insecurity by design. >How-To-Repeat: There are many methods to access this, here are two simple ones: Using squirrelmail see http://www.securityfocus.com/bid/7952 Using scripts from http://www.security.nnov.ru/files/imaptools.tgz imapget.c - to retrieve file via imap-uw, usage example: imapget imap.host.name /etc/passwd > passwd it should work for both text and binary files. >Fix: Change line 47 in src/osdep/unix/env_unix.c from: static short restrictBox = NIL; /* is a restricted box */ to: static short restrictBox = -1; /* is a restricted box */ >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510160622.j9G6MRPF039717>