Bugtraq mailing list archives

Re: Horde library Bug part 2
From: John Riddoch <jr () scms rgu ac uk>
Date: Tue, 19 Sep 2000 17:13:51 +0100

Fix:            Best solution would be generally not to pass vars to
               popen(), but rather opening the pipe to Sendmail by calling
               popen("$default->path_to_Sendmail -t")
               and putting all available information into the mail header.
               This requires some extra checking and converting, but
               secures the system a lot.

There's an update available which should be a more complete fix; from
http://horde.org/imp :

The Horde team announces the availability of IMP 2.2.2 -- this version is
"part 2" to a security vulnerability present in 2.2.0 (and earlier "pre"
releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on
production systems are STRONGLY ENCOURAGED to upgrade.

John Riddoch    Email: jr () scms rgu ac uk     Telephone: (01224)262721
Theists think all gods but theirs are false.  Atheists simply don't make
an exception for the last one.
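
The fix quoted at the top of this message, sketched as an added example that is not part of the original post and is not IMP or Horde code: the command line is fixed, and recipients go into headers that are checked for line breaks (the "extra checking" the advisory mentions). Function names, addresses and the sendmail path in the comment are assumptions.

```php
<?php
// Added example; names and sample values are hypothetical.

// With "sendmail -t" the recipients are read from the headers, so a line
// break in a header value would let a caller add headers. Reject it.
function clean_header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

// Build the whole message; user data appears only here, never in argv.
function build_message(string $from, string $to, string $subject, string $body): string
{
    $headers = [
        'From: ' . clean_header_value($from),
        'To: ' . clean_header_value($to),
        'Subject: ' . clean_header_value($subject),
    ];
    // Normalise body line endings before writing to the pipe.
    $body = str_replace(["\r\n", "\r"], "\n", $body);
    return implode("\n", $headers) . "\n\n" . $body . "\n";
}

// The command string is configuration only; no request data reaches the shell.
function send_message(string $sendmailPath, string $message): bool
{
    $pipe = popen(escapeshellarg($sendmailPath) . ' -t', 'w');
    if ($pipe === false) {
        return false;
    }
    fwrite($pipe, $message);
    return pclose($pipe) === 0;
}

// Constructed inputs: a normal address, one with shell metacharacters
// (inert, since it is only header text), one with an injected header line.
$samples = ['alice@example.org', 'bob@example.org; id', "eve@example.org\nBcc: x@example.net"];
foreach ($samples as $to) {
    try {
        echo build_message('webmail@example.org', $to, 'test', "hello\r\n"), "---\n";
        // send_message('/usr/sbin/sendmail', $message) would hand it to the MTA.
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n---\n";
    }
}
```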