[imp] security issue

test account user1 at benmaytestbox.bsd.uchicago.edu
Fri Feb 13 10:25:16 PST 2004


I am using php 4.3.4, apache 2.0.48 imap uw 2002e, perl 5.8.2
horde 2.2.4
imp 3.2.2
solaris 9
&
I cannot get the security issue described below to work.
UW was brought up earlier in the list as the IMAP server with this security issue, but I cannot get it to work.
I guess this is good.


SIDE NOTE: Sorry for the lame email address 

-Ian 

Quoting Dan Williamson <dwilliamson at uesiglo21.edu.ar>:

> We are using imp 3.0, PHP 4.1.2, horde 2.0 and perl 5.6.1
> 
> To see if you are vulnerable and can see arbitrary files just log in as a
> user to your webmail. Then use the line:
> 
> http:// or https://<yourwebmailserver>/horde/imp/mailbox.php?mailbox=../../../../../../../etc/passwd
> 
> 
> 
> ----- Original Message ----- 
> From: "test account" <user1 at benmaytestbox.bsd.uchicago.edu>
> To: "Dan Williamson" <dwilliamson at uesiglo21.edu.ar>
> Cc: <imp at lists.horde.org>
> Sent: Friday, February 13, 2004 1:39 PM
> Subject: Re: [imp] security issue
> 
> 
> > I was not able to get your security hole to work??
> > Could you please explain how it works.
> >
> > -Ian
> >
> > Quoting Dan Williamson <dwilliamson at uesiglo21.edu.ar>:
> >
> > >
> > >
> > > How are people solving the issue of being able to read arbitrary files on the host system?
> > >
> > > For instance,
> > >
> > > https://webmail.yoursite.org/horde/imp/mailbox.php?mailbox=../../../../../../../etc/passwd
> > >
> > >
> > > or even
> > >
> > > https://webmail.yoursite.org/horde/imp/mailbox.php?mailbox=/etc/passwd
> > >
> > > will list the password file or any other file with either world read or
> > > logged-in user read privileges.
> > >
> > > The use of
> > >
> > > https://webmail.yoursite.org/horde/admin/css/index.php?file=arbitrary_path_and_file
> > >
> > > will provide the same without a valid login.
> > >
> > > Anyone know the easiest way to avoid this behavior? Are there updates to
> > > apply?
> > >
> > > thanks and please respond to: dwilliamson@<removespamtrap>uesiglo21.edu.ar
> > > -- 
> > > IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> > > Frequently Asked Questions: http://horde.org/faq/
> > > To unsubscribe, mail: imp-unsubscribe at lists.horde.org
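As an added example, not code from this thread or from Horde/IMP, here is a Python check for the defensive side of the question above: it confines a mailbox= or file= argument to its directory root (both roots are assumed, since the page does not show the install layout) and flags access-log requests whose argument escapes that root, run over constructed log lines carrying the URLs quoted in the thread.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Assumed directory roots; the real layout of an IMP 3 install is not on the page.
PARAM_ROOTS = {
    "/horde/imp/mailbox.php": ("mailbox", "/var/mail/user1"),
    "/horde/admin/css/index.php": ("file", "/var/www/horde/admin/css"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def confine(root, name):
    """Canonical path of `name` inside `root`, or None if it escapes.
    An absolute name replaces root in os.path.join and '..' segments are
    collapsed by realpath, so both forms from the thread land outside root."""
    if not name or "\0" in name:
        return None
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def flag_traversal_requests(log_lines):
    """Scan combined-format access log lines for the two scripts in the thread;
    return (line_no, script, decoded_value) where the argument leaves its root."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path not in PARAM_ROOTS:
            continue
        param, root = PARAM_ROOTS[url.path]
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if confine(root, value) is None:  # parse_qs has already URL-decoded it
                hits.append((n, url.path, value))
    return hits


# Constructed sample log lines, not taken from the page
SAMPLE_LOG = [
    '10.0.0.5 - user1 [13/Feb/2004:10:25:16 -0800] "GET /horde/imp/mailbox.php?mailbox=INBOX HTTP/1.1" 200 5120',
    '10.0.0.9 - user1 [13/Feb/2004:10:26:02 -0800] "GET /horde/imp/mailbox.php?mailbox=../../../../../../../etc/passwd HTTP/1.1" 200 1877',
    '10.0.0.9 - - [13/Feb/2004:10:27:41 -0800] "GET /horde/admin/css/index.php?file=%2Fetc%2Fpasswd HTTP/1.1" 200 1877',
]
```

The same `confine` check, applied before any file is opened, is what stops the requests the scanner reports; an allow-list of valid mailbox names is stricter still where the application can supply one.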