[imp] BUG?
Albert
albert at mentes.org
Sun Jan 11 08:38:38 PST 2004
At 17:09 11/01/2004, you wrote:
>On Sat, 10 Jan 2004 22:48:22 -0500, Chuck Hagenbuch <chuck at horde.org> wrote:
>
> >mailbox.php?mailbox=/etc/passwd
>
>Argh. That happens on my box, too, using the default Fedora IMAP server. How
>should I lock it down to prevent it?
Hello,
If you use Apache, You can use the mod_security:
http://www.modsecurity.org/
In the mod_security section in my httpd.conf I prevent it at this way:
SecFilter mailbox=/ "redirect:https://webmail.host.org"
P.D. You must make more filters to prevent path traversal..etc...etc.... ;)
Regards,
Albert
Atención: La información contenida en la presente transmisión es
confidencial y su uso únicamente está permitido a su(s) destinatario(s). Si
Ud. no es la persona destinataria de la presente transmisión, rogamos nos
lo comunique de manera inmediata y destruya cualquier copia de la misma
(tanto digitales como en papel).
Please Note: The information contained in this transmission is confidential
and is intended only for the use of the addressee(s). If you are not the
designated recipient of this transmission, please advise us immediately and
destroy any copies (digital and paper).
More information about the imp
mailing list