From owner-freebsd-security  Thu Apr 27 12:42:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6D13737B681; Thu, 27 Apr 2000 12:42:22 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA00563;
	Thu, 27 Apr 2000 12:42:22 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 27 Apr 2000 12:42:22 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: security@FreeBSD.ORG
Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd)
In-Reply-To: <xzpn1mfhp7n.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.0004271240320.213-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 27 Apr 2000, Dag-Erling Smorgrav wrote:

> It's slightly more serious than that. The hole means you get shell
> access using someone's mail password, which may be easy to retrieve
> from the client machine's registry, MUA configuration file or what
> have you.

Well, that much is basically a given, it's just a correspondence with the
fact that under normal operating circumstances a person who does that
can read their email.

Kris
----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message