[Imap-uw] Security bug in tmail and dmail

Mark Crispin markrcrispin at live.com
Fri Oct 31 10:43:03 PDT 2008

Previous message: [Imap-uw] Security bug in tmail and dmail
Next message: imap-2007d release (was Re: [Imap-uw] Security bug in tmail and dmail)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For the record, all sites running Panda IMAP (imap-2008) have already
replaced the vulnerable version of dmail (they did not run tmail). I've
updated the panda.com/imap page to reflect that UW now has these
fixes in its imap-2007d.

The tmail bug is by far the more serious of the two. Fortunately, as
Steve indicates, remote exploitation of the bug is blocked by sendmail.
Local exploitation by shell users is possible, and exploit code exists.
This is a root-compromise exploit.

The dmail problem is not locally exploitable since dmail runs as the
user. Whether it is remotely exploitable depends upon how well the
calling program (generally procmail) restricts its arguments. This has
not been investigated in the name of "fix any security bug whether or
not it is exploitable."

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.

_________________________________________________________________
You live life beyond your PC. So now Windows goes beyond your PC.
http://clk.atdmt.com/MRT/go/115298556/direct/01/

Previous message: [Imap-uw] Security bug in tmail and dmail
Next message: imap-2007d release (was Re: [Imap-uw] Security bug in tmail and dmail)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Imap-uw mailing list