Security hole #3: zlib plugin allows opening any gziped mboxes
30 Mar
2007
30 Mar
'07
5:46 p.m.
zlib plugin allows opening gzipped mboxes as read-only mailboxes. However when using it, the mailbox name checks are bypassed so it's possible to open for example "../otheruser/somefile.gz". Only valid gzipped mbox files can be opened, and only if their name ends with ".gz". You can fix this by upgrading to v1.0.rc29 (available soon) or with this patch: http://dovecot.org/list/dovecot-cvs/2007-March/008488.html I don't think this matters much though. zlib plugin is rarely used, and those who do use it are probably using Dovecot with systems users (per-user UIDs), so the imap process wouldn't have access to other users' mbox files anyway. I found this problem when I was cleaning up the code in CVS HEAD.
6461
Age (days ago)
6461
Last active (days ago)
0 comments
1 participants
participants (1)
-
Timo Sirainen