PHP Exploit

Drew J. Como dcomo@bascom.com
Tue, 5 Mar 2002 11:18:05 -0500
Previous message: [imp] imp maintenance
Next message: [imp] PHP Exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
All,

I am running PHP 3.0 w/ IMP 2.2.7/Horde 1.2.7.
There is the newly found exploit in PHP regarding
file uploads.  Now, I know that you can 'upload'
files for attachments.  Does this mean that my
server needs to be patched or was the exploit
on just FORM="post" uploads?

Thanks :-)

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 



>From craig@CheetahUSA.net Date: Mon  March 04, 2002  05:34 PM
Return-Path: <sflorez@biapora.com>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 1433 invoked from network); 5 Mar 2002 16:23:36 -0000
Received: from unknown (HELO matrix.biapora.com) (200.68.133.118)
  by clark.horde.org with SMTP; 5 Mar 2002 16:23:36 -0000
Received: (from nobody@localhost)
	by matrix.biapora.com (8.11.1/linuxconf) id g25EbYR29286;
	Tue, 5 Mar 2002 11:37:34 -0300
Date: Tue, 5 Mar 2002 11:37:34 -0300
Message-Id: <200203051437.g25EbYR29286@matrix.biapora.com>
X-Authentication-Warning: matrix.biapora.com: nobody set sender to sflorez@biapora.com using -f
From: "Santiago Andres Florez V." <sflorez@biapora.com>
To: imp@lists.horde.org
X-Mailer: Nwebmail 0.1.79
MIME-Version: 1.0
Subject: RE: [imp] unable to send mail from IMP 2.2.7 

I have the same problem when I send me a email, but when I send a email to 
another server it´s found.

SAntiago FLorez


----- Original Message -----
Date: Mon  March 04, 2002  05:34 PM
From: Craig Burgess <craig@CheetahUSA.net>
To: imp@lists.horde.org
Subject: RE: [imp] unable to send mail from IMP 2.2.7 

Thanks, Mark -

Yep, file uploads needed to be turned back ON for outbound mail to
work. I thought of that, but dismissed it, "nah - sending plain
text mail without an attachment can't be a 'file upload'..."
Obviously I was wrong.

Craig (who might **finally** have all the basic pieces working)

> -----Original Message-----
> From: Mark Chitti [mailto:imp.list@markchitti.com]
> Sent: Sunday, March 03, 2002 12:05 PM
> To: imp@lists.horde.org
> Subject: Re: [imp] unable to send mail from IMP 2.2.7
>
>
> Make sure that you haven't turned file uploads off (in
> /etc/php.ini) if you are using a php version less than
> 4.0.6.  If you have (and you might have because of the
> hole in php) then you won't be able to send mail, since
> it is done via POST and turning off file uploads affects
> this (though it shouldn't.)
>
> Quoting daniel huhardeaux <daniel.huhardeaux@tootai.com>:
>
> >> Ben Elliston wrote:
> >>
> >>  >I am unable to send mail from IMP.  When I hit the
> "Send" button, the
> >>  >composition window is refreshed and I get a blank
> new message form to
> >>  >complete--the message being edited is lost and is
> never sent.
> >>  >...
> >>  >
> >>
>
>
> --
> IMP mailing list: http://horde.org/imp/
> Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org
>

-- 
IMP mailing list: http://horde.org/imp/
Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe@lists.horde.org
Previous message: [imp] imp maintenance
Next message: [imp] PHP Exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]