Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Horde library Bug part 2
From: John Riddoch <jr () scms rgu ac uk>
Date: Tue, 19 Sep 2000 17:13:51 +0100

Fix:            Best solution would be generally not to pass vars to
               popen(), but rather opening the pipe to Sendmail by calling
               popen("$default->path_to_Sendmail -t)
               and putting all available information into the mail header.
               This requires some extra checking and converting, but
               secures the system a lot.

There's an update available which should be a more complete fix; from
http://horde.org/imp :

The Horde team announces the availability of IMP 2.2.2 -- this version is
"part 2" to a security vulnerability present in 2.2.0 (and earlier "pre"
releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on
production systems are STRONGLY ENCOURAGED to upgrade.


--
John Riddoch    Email: jr () scms rgu ac uk     Telephone: (01224)262721
http://www.scms.rgu.ac.uk/staff/jr/
Theists think all gods but theirs are false.  Atheists simply don't make
an exception for the last one.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]