[imp] BUG?

Albert albert at mentes.org
Sun Jan 11 08:38:38 PST 2004


At 17:09 11/01/2004, you wrote:
>On Sat, 10 Jan 2004 22:48:22 -0500, Chuck Hagenbuch <chuck at horde.org> wrote:
>
> >mailbox.php?mailbox=/etc/passwd
>
>Argh.  That happens on my box, too, using the default Fedora IMAP server. How
>should I lock it down to prevent it?

Hello,
If you use Apache, You can use the mod_security:

http://www.modsecurity.org/

In the mod_security section in my httpd.conf I prevent it at this way:

SecFilter mailbox=/ "redirect:https://webmail.host.org"

P.D. You must make more filters to prevent path traversal..etc...etc.... ;)

Regards,
Albert

Atención: La información contenida en la presente transmisión es 
confidencial y su uso únicamente está permitido a su(s) destinatario(s). Si 
Ud. no es la persona destinataria de la presente transmisión, rogamos nos 
lo comunique de manera inmediata y destruya cualquier copia de la misma 
(tanto digitales como en papel).

Please Note: The information contained in this transmission is confidential 
and is intended only for the use of the addressee(s). If you are not the 
designated recipient of this transmission, please advise us immediately and 
destroy any copies (digital and paper).



More information about the imp mailing list