linux, säkerhet

105646 2003-06-23  22:37  /40 rader/ Jonathan Angliss <jon@squirrelmail.org>
Importerad: 2003-06-23  22:37  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <5299>
Ärende: Invalid SquirrelMail Exploit
------------------------------------------------------------
Hi,

I'm writing to correct a fatal reporting that was posted to one of the
security focus mailing lists about SquirrelMail.  It discusses files
being accessible via the SquirrelMail website, and criticizes
SquirrelMail to be at fault.  The details for the exploit can be seen
on the bugtraq website [1].

Fortunately it is an invalid accusation. Even minor exploration would
point the issue to the imap server itself. I'd like to draw peoples
attention to the University of Washington's IMAP FAQ page [1], it
clearly describes details on accessing /etc/passwd as detailed in the
bugtraq item that was submitted.

I'd be grateful if that portion of the ticket was revoked as invalid,
as any testing performed with other IMAP servers such as Courier-IMAP,
or Cyrus all return no mailboxes.

The file moving/deletion vulnerability would also appear to be an IMAP
dependant issue, as you cannot access arbitrary files from other IMAP
servers, as other IMAP servers don't appear to treat all files
equally.

I am currently looking into the privilege escalation 'issue' that was
also posted as part of the bug.

Please note in future that any security related issues can be posted
to any member of the SquirrelMail leadership team [2], or any of the
mailing lists.  We also have a dedicated mailing address for security
alerts at security@squirrelmail.org.

  [1] http://www.securityfocus.com/bid/7952
  [2] http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
  [3] http://www.squirrelmail.org/about.php

-- 
Jonathan Angliss
(jon@squirrelmail.org)
(105646) /Jonathan Angliss <jon@squirrelmail.org>/--
105733 2003-06-24  19:36  /28 rader/ 3APA3A <3APA3A@SECURITY.NNOV.RU>
Importerad: 2003-06-24  19:36  av Brevbäraren
Extern mottagare: Jonathan Angliss <jon@squirrelmail.org>
Externa svar till: 3APA3A@SECURITY.NNOV.RU
Mottagare: Bugtraq (import) <5313>
Kommentar till text 105646 av Jonathan Angliss <jon@squirrelmail.org>
Ärende: Re: Invalid SquirrelMail Exploit
------------------------------------------------------------
Dear Jonathan Angliss,

This  problem  is  related  to  imap-uw  only.  Of  cause,  this  is
not SquirrelMail  bug.  There  is a set of "utilities" to manage
files (list directories,  retrieve  files,  remove  files,  create
directories) via imap-uw directly:

http://www.security.nnov.ru/search/news.asp?binid=2063

--Tuesday, June 24, 2003, 12:26:07 AM, you wrote to
bugtraq@securityfocus.com:


JA> The file moving/deletion vulnerability would also appear to be an
IMAP JA> dependant issue, as you cannot access arbitrary files from
other IMAP JA> servers, as other IMAP servers don't appear to treat
all files JA> equally.

JA>   [1] http://www.securityfocus.com/bid/7952
JA>   [2] http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
JA>   [3] http://www.squirrelmail.org/about.php



-- 
~/ZARAZA
Âïðî÷åì, âàæíåå âñåãî - àëãîðèòì!  (Ëåì)
(105733) /3APA3A <3APA3A@SECURITY.NNOV.RU>/(Ombruten)