Date: Mon, 17 Apr 2000 18:44:46 -0700
From: "Michael S. Fischer" <michael@dynamine.net>
To: "Kris Kennaway" <kris@FreeBSD.org>
Cc: <security@FreeBSD.org>
Subject: Re: Fw: Re: imapd4r1 v12.264
Message-ID: <00ae01bfa8d7$ad5188a0$7f00800a@corp.auctionwatch.com>
References: <Pine.BSF.4.21.0004171830370.95722-100000@freefall.freebsd.org>

On Mon, 17 Apr 2000, Kris Kennaway wrote:
>
> > On Mon, 17 Apr 2000, Michael S. Fischer wrote:
> >
> > > This is the current version in the ports collection. Help!
> >
> > Briefly, the vulnerability seems to be that someone who has a mail account
> > on the server can get access to the user account which runs imapd. I don't
> > think it's something that can be exploited by an outsider, so it might be
> > that in your environment the threat is not significant.
>
> According to the message I just read on bugtraq by the vendor, it doesn't
> seem to be as bad as I described it above: imapd has dropped privileges by
> the time it hits the vulnerability, so exploiting it will only give access
> to the shell account of the user who has logged in to imap. This may still
> be a problem in some installations, i.e. if they don't provide shell
> access to their mail users on the imap server.
>
> Note that I haven't heard independent confirmation of the above, so it's
> subject to revision :-)

Are you saying that remotely giving access to the user's account isn't bad
enough? In my environment, certain users have sudo access...

--Michael