IMAP security

To: debian-user@lists.debian.org
Subject: IMAP security
From: Antti Tolamo <antti@tola.org>
Date: Mon, 05 Nov 2001 01:15:11 +0200
Message-id: <[🔎] 5.1.0.14.2.20011105005544.05197ff0@sambatola>
In-reply-to: <[🔎] 20011104174043.B7356@gashuffer>
References: <[🔎] 3BE5174D.26487.B51B90@localhost> <[🔎] 3BE16182.9265.13365D8@localhost> <[🔎] 3BE5174D.26487.B51B90@localhost>


Just noticed something odd, not sure is this
a security problem or what.

I have Debian potato server for own use , where I few days
ago installed IMAP 4.7c-1 because WAP email reading PHP/WML script
from:

http://e-sphere.net/

needs it.



Just few minutes ago I tried to fetch mail from one account
using Windows Eudora 5.1. I was checking multiple
times imap box to see has one test message come there.

And surprise suddenny  I can seewhole contents
directory of /var/www from Eudora.

I can inspect invidual files,  inspect directories
through Eudora folders,  I even see who owns the files( but I'm not
sure is it group or owner).   Can't delete files or change them
however.

Antti

Reply to:

Follow-Ups:
- Re: IMAP security
  - From: "nate" <debian-user@aphroland.org>
- Re: IMAP security
  - From: "Jaldhar H. Vyas" <jaldhar@debian.org>

References:
- Re: Newbie comments & queries
  - From: "Ian Balchin" <fables@imaginet.co.za>
- Re: Newbie comments & queries
  - From: "Ian Balchin" <fables@imaginet.co.za>
- Re: Newbie comments & queries
  - From: Stephen Gran <gashuffer09@home.com>

Prev by Date: Re: newt.h ?
Next by Date: Re: startx problems
Previous by thread: Re: Newbie comments & queries
Next by thread: Re: IMAP security
Index(es):
- Date
- Thread