From owner-freebsd-security Mon Apr 17 20:09:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from attrition.dynamine.net (dnai-216-15-97-113.cust.dnai.com [216.15.97.113]) by hub.freebsd.org (Postfix) with ESMTP id B5A7C37B804; Mon, 17 Apr 2000 20:09:35 -0700 (PDT) (envelope-from michael@dynamine.net)
Received: from lucretia (host1.auctionwatch.com [64.14.25.32]) by attrition.dynamine.net (8.9.3/8.9.3) with SMTP id UAA28296; Mon, 17 Apr 2000 20:09:33 -0700
Message-ID: <013301bfa8e3$8521f160$7f00800a@corp.auctionwatch.com>
From: "Michael S. Fischer"
To: "Kris Kennaway"
Cc:
References:
Subject: Re: Fw: Re: imapd4r1 v12.264
Date: Mon, 17 Apr 2000 20:09:32 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
> On Mon, 17 Apr 2000, Michael S. Fischer wrote:
>
> > Are you saying that remotely giving access to the user's account isn't bad
> > enough? In my environment, certain users have sudo access...
>
> No, I'm saying that in some (perhaps most) environments the user already
> has shell access to the machine, so it's not a risk (if my interpretation
> of the vulnerability is correct). If you have a machine which doesn't
> allow shell access, but serves users with imap, then they can exploit the
> vulnerability to gain shell access to the machine. Note that you need to
> successfully log into an account on the imap server to exploit the
> problem, which means knowing the password.

Understood. Thanks for clearing that up,

--Michael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message