Subject: Re: Audit of pop3-Daemons
From: Chris Evans (chrisscary.beasts.org)
Date: Tue Dec 05 2000 - 11:08:01 CST
On Wed, 29 Nov 2000, Christian Kurz wrote:
> Has there ever been a security audit against the source of
> pop3-daemons? I think popa3d should be fairly safe, as it was written by
> Solar Designer. But what about pop3-daemons like Courier, Cyrus,
> Solid-pop3d, pop3lite? Have any of them been audited against
> buffer-overflows or other vulnerabilities?
I've had a look at the infamous wu-imap package.
I've audited the thing up to the point where the remote user is
authenticated and root privs dropped. That's for imap, pop-2 and pop-3.
Looks ok, but you never know, do you? (And this was many months ago).
pop-2 is a source of major concern because it has a "proxy" mode, which
basically forwards the pop connection, and parses server responses and
data under potentially malicious control.
This led to the "FOLD" remote vulnerability I found, as a quick example of
why the proxy was a bad idea.
If you run wu pop-2, and your vendor did not compile the package with
-DDISABLE_PROXY, then be very afraid!