Re: Invalid SquirrelMail Exploit

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 06/24/03

Next message: Bjorn Tore Sund: "Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"

Previous message: Sym Security: "[Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow"
In reply to: Jonathan Angliss: "Invalid SquirrelMail Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Jun 2003 12:22:04 +0400
To: Jonathan Angliss <jon@squirrelmail.org>

Dear Jonathan Angliss,

This problem is related to imap-uw only. Of cause, this is not
SquirrelMail bug. There is a set of "utilities" to manage files (list
directories, retrieve files, remove files, create directories) via
imap-uw directly:

http://www.security.nnov.ru/search/news.asp?binid=2063

--Tuesday, June 24, 2003, 12:26:07 AM, you wrote to bugtraq@securityfocus.com:

JA> The file moving/deletion vulnerability would also appear to be an IMAP
JA> dependant issue, as you cannot access arbitrary files from other IMAP
JA> servers, as other IMAP servers don't appear to treat all files
JA> equally.

JA> [1] http://www.securityfocus.com/bid/7952
JA> [2] http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
JA> [3] http://www.squirrelmail.org/about.php

-- 
~/ZARAZA
ֲןנמקול, גאזםוו גסודמ - אכדמנטעל!  (ֻול)

Next message: Bjorn Tore Sund: "Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"

Previous message: Sym Security: "[Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow"
In reply to: Jonathan Angliss: "Invalid SquirrelMail Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]