lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jun 2003 12:22:04 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Jonathan Angliss <jon@...irrelmail.org> Subject: Re: Invalid SquirrelMail Exploit Dear Jonathan Angliss, This problem is related to imap-uw only. Of cause, this is not SquirrelMail bug. There is a set of "utilities" to manage files (list directories, retrieve files, remove files, create directories) via imap-uw directly: http://www.security.nnov.ru/search/news.asp?binid=2063 --Tuesday, June 24, 2003, 12:26:07 AM, you wrote to bugtraq@...urityfocus.com: JA> The file moving/deletion vulnerability would also appear to be an IMAP JA> dependant issue, as you cannot access arbitrary files from other IMAP JA> servers, as other IMAP servers don't appear to treat all files JA> equally. JA> [1] http://www.securityfocus.com/bid/7952 JA> [2] http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 JA> [3] http://www.squirrelmail.org/about.php -- ~/ZARAZA Впрочем, важнее всего - алгоритм! (Лем)
Powered by blists - more mailing lists