|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Invalid SquirrelMail Exploit
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Tue Jun 24 2003 - 03:22:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Jonathan Angliss,
This problem is related to imap-uw only. Of cause, this is not
SquirrelMail bug. There is a set of "utilities" to manage files (list
directories, retrieve files, remove files, create directories) via
imap-uw directly:
http://www.security.nnov.ru/search/news.asp?binid=2063
--Tuesday, June 24, 2003, 12:26:07 AM, you wrote to bugtraqsecurityfocus.com:
JA> The file moving/deletion vulnerability would also appear to be an IMAP
JA> dependant issue, as you cannot access arbitrary files from other IMAP
JA> servers, as other IMAP servers don't appear to treat all files
JA> equally.
JA> [1] http://www.securityfocus.com/bid/7952
JA> [2] http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
JA> [3] http://www.squirrelmail.org/about.php
--
~/ZARAZA
Впрочем, важнее всего - алгоритм! (Лем)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]