Date: 27 Apr 2000 11:23:40 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Otterley <otterley@attrition.dynamine.net>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Robert Watson <rwatson@FreeBSD.ORG>, "Michael S. Fischer" <michael@dynamine.net>, security@FreeBSD.ORG Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd) Message-ID: <xzpn1mfhp7n.fsf@flood.ping.uio.no> In-Reply-To: Kris Kennaway's message of "Fri, 21 Apr 2000 14:39:44 -0700 (PDT)" References: <Pine.BSF.4.21.0004211437250.40444-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway <kris@FreeBSD.ORG> writes: > Basically, the bottom line is that imap-uw is not safe to use in an > environment where you have users who you don't want to have shell access > to your machine, but unfortunately there isn't much in the way of > alternatives. It's slightly more serious than that. The hole means you get shell access using someone's mail password, which may be easy to retrieve from the client machine's registry, MUA configuration file or what have you. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpn1mfhp7n.fsf>