From owner-freebsd-security Mon Apr 17 18:33: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id DBB7D37B64F; Mon, 17 Apr 2000 18:33:01 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id SAA96704; Mon, 17 Apr 2000 18:33:01 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 17 Apr 2000 18:33:01 -0700 (PDT) From: Kris Kennaway To: "Michael S. Fischer" Cc: security@freebsd.org Subject: Re: Fw: Re: imapd4r1 v12.264 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 17 Apr 2000, Kris Kennaway wrote: > On Mon, 17 Apr 2000, Michael S. Fischer wrote: > > > This is the current version in the ports collection. Help! > > Briefly, the vulnerability seems to be that someone who has a mail account > on the server can get access to the user account which runs imapd. I don't > think it's something that can be exploited by an outsider, so it might be > that in your environment the threat is not significant. According to the message I just read on bugtraq by the vendor, it doesn't seem to be as bad as I described it above: imapd has dropped privileges by the time it hits the vulnerability, so exploiting it will only give access to the shell account of the user who has logged in to imap. This may still be a problem in some installations, i.e. if they don't provide shell access to their mail users on the imap server. Note that I haven't heard independent confirmation of the above, so it's subject to revision :-) Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message