From: Dag-Erling Smorgrav
Date: 27 Apr 2000 11:23:40 +0200
To: Kris Kennaway
Cc: Otterley, Cy Schubert - ITSD Open Systems Group, Robert Watson, "Michael S. Fischer", security@FreeBSD.ORG
Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd)
In-Reply-To: Kris Kennaway's message of "Fri, 21 Apr 2000 14:39:44 -0700 (PDT)"

Kris Kennaway writes:
> Basically, the bottom line is that imap-uw is not safe to use in an
> environment where you have users who you don't want to have shell access
> to your machine, but unfortunately there isn't much in the way of
> alternatives.

It's slightly more serious than that. The hole means you get shell
access using someone's mail password, which may be easy to retrieve
from the client machine's registry, MUA configuration file or what
have you.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no