Date: Thu, 27 Apr 2000 12:42:22 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: security@FreeBSD.ORG Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd) Message-ID: <Pine.BSF.4.21.0004271240320.213-100000@freefall.freebsd.org> In-Reply-To: <xzpn1mfhp7n.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27 Apr 2000, Dag-Erling Smorgrav wrote:
> It's slightly more serious than that. The hole means you get shell
> access using someone's mail password, which may be easy to retrieve
> from the client machine's registry, MUA configuration file or what
> have you.
Well, that much is basically a given, it's just a correspondence with the
fact that under normal operating circumstances a person who does that
can read their email.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004271240320.213-100000>