Bug#198560: uw-imapd: uw-imapd operates on any file in the filesytem, not just mailboxes

To: submit@bugs.debian.org
Subject: Bug#198560: uw-imapd: uw-imapd operates on any file in the filesytem, not just mailboxes
From: Chris Ruvolo <chris+debbts@ruvolo.net>
Date: Mon, 23 Jun 2003 15:53:10 -0700
Message-id: <[🔎] 20030623225310.GI8061@ruvolo.net>
Reply-to: Chris Ruvolo <chris+debbts@ruvolo.net>, 198560@bugs.debian.org

Package: uw-imapd
Version: 4:2001adebian-6
Severity: grave
Tags: security, woody

uw-imapd and uw-imapd-ssl are insecure by default.  They allow a logged in
user to retrieve or manipulate any file on the filesystem.  This was
discovered as a squirrelmail bug, but is actually a UW-IMAP bug.  The
exploits do not work on other IMAP servers.

Note: This is only relevant on systems where users are not supposed to have
shell access (ie email-only users).  Other users would be able to access
these files anyway.

More information is here:

  http://www.securityfocus.com/bid/7952/exploit/

See this Squirrelmail-devel thread:

  http://sourceforge.net/mailarchive/forum.php?thread_id=2641998&forum_id=7139

The UW-IMAP FAQ says that this is a known issue and reccomends a
compile-time option to env_unix.c, setting "restrictBox" to prevent allowing
users to access / and .. :

  http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1

Please change this option for uw-imapd and uw-imapd-ssl.

Thank you,
-Chris

Reply to:

Prev by Date: Re: pppoe
Next by Date: apache with umask 002
Previous by thread: Re: pppoe
Next by thread: evolution
Index(es):
- Date
- Thread