
List:       imp
Subject:    Re: [imp] BUG?
From:       Albert <albert () mentes ! org>
Date:       2004-01-11 16:38:38
Message-ID: 6.0.1.1.2.20040111173615.01d472e8 () 172 ! 26 ! 0 ! 5

At 17:09 11/01/2004, you wrote:
>On Sat, 10 Jan 2004 22:48:22 -0500, Chuck Hagenbuch <chuck@horde.org> wrote:
>
> >mailbox.php?mailbox=/etc/passwd
>
>Argh.  That happens on my box, too, using the default Fedora IMAP server. How
>should I lock it down to prevent it?

Hello,
If you use Apache, you can use mod_security:

http://www.modsecurity.org/

In the mod_security section in my httpd.conf I prevent it this way:

SecFilter mailbox=/ "redirect:https://webmail.host.org"

P.S. You must make more filters to prevent path traversal, etc. ;)

Regards,
Albert

Please Note: The information contained in this transmission is confidential 
and is intended only for the use of the addressee(s). If you are not the 
designated recipient of this transmission, please advise us immediately and 
destroy any copies (digital and paper).


-- 
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe@lists.horde.org
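
Added example, not part of the original message or of IMP: a log review that complements the filter discussed above by finding past `mailbox.php` requests whose `mailbox` parameter, once URL-decoded, is an absolute path or contains a `..` segment. The log lines, client addresses and the `/horde/imp/` path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache access-log lines (assumed install path /horde/imp/).
SAMPLE_LOG = """\
192.0.2.10 - - [11/Jan/2004:17:01:02 +0100] "GET /horde/imp/mailbox.php?mailbox=INBOX HTTP/1.1" 200 5120
192.0.2.44 - - [11/Jan/2004:17:03:40 +0100] "GET /horde/imp/mailbox.php?mailbox=/etc/passwd HTTP/1.1" 200 1843
192.0.2.44 - - [11/Jan/2004:17:03:55 +0100] "GET /horde/imp/mailbox.php?mailbox=%2Fetc%2Fpasswd HTTP/1.1" 200 1843
192.0.2.10 - - [11/Jan/2004:17:05:11 +0100] "GET /horde/imp/mailbox.php?mailbox=INBOX.Sent HTTP/1.1" 200 4096
192.0.2.51 - - [11/Jan/2004:17:06:29 +0100] "GET /horde/imp/mailbox.php?actionID=1&mailbox=mail/../../other HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_mailbox(value):
    """Return a reason if the decoded mailbox value looks like a filesystem path."""
    if value.startswith("/"):
        return "absolute path"
    if ".." in value.split("/"):  # a literal '..' path segment
        return "parent-directory segment"
    return None


def scan(log_text):
    """Return (client, decoded mailbox value, reason) for each flagged request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/mailbox.php"):
            continue
        # parse_qs percent-decodes, so %2F is checked as '/'.
        for value in parse_qs(parts.query, keep_blank_values=True).get("mailbox", []):
            reason = suspicious_mailbox(value)
            if reason:
                findings.append((client, value, reason))
    return findings


if __name__ == "__main__":
    for client, value, reason in scan(SAMPLE_LOG):
        print(f"{client}\tmailbox={value!r}\t{reason}")
```
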
