#94 security hole squirrelmail mails real userid

closed-fixed
None
1
2005-05-22
2003-11-22
Douglas Campbell
No

When sending composed mail, Squirrelmail 1.4.2
generates a "Received" line which contains a valid
login id and may contain a valid internal network
address for the system upon which it is run. Such
information is useful to hackers and should not
generally be made public.

Possible solution is to modify code in
Deliver.class.php at or about line 260 to remove
generation of the "Received" line associated with the
"SquirrelMail authenticated user". Note that the MTA
will generate a separate "Received" line indicating
reception of the mail from SquirrelMail (using the less
sensitive userid "apache" and the MTA's translation of
its hostname); hence the SquirrelMail-generated
"Received" line is redundant.

Discussion
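As an added example (not part of the original report and not SquirrelMail's own code), the following Python audit checks an outgoing message for the "Received" line the report above describes. The sample message, the login id `jdoe`, the addresses and the exact header layout are constructed assumptions; only the phrase "SquirrelMail authenticated user" comes from the report.

```python
import email
import ipaddress
import re

# Constructed sample. Header layout, login id and addresses are assumptions;
# only the phrase "SquirrelMail authenticated user" is taken from the report.
SAMPLE = (
    "Received: from webmail.example.com (webmail.example.com [192.0.2.10])\r\n"
    "\tby mx.example.com with ESMTP id CONSTRUCTED1;\r\n"
    "\tSat, 22 Nov 2003 10:00:01 -0500\r\n"
    "Received: from 10.20.30.40\r\n"
    "        (SquirrelMail authenticated user jdoe)\r\n"
    "        by webmail.example.com with HTTP;\r\n"
    "        Sat, 22 Nov 2003 10:00:00 -0500\r\n"
    "From: alice@example.com\r\n"
    "To: bob@example.org\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

AUTH_USER = re.compile(r"\(SquirrelMail authenticated user ([^)\s]+)\)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_received(raw_message):
    """Return one finding per Received header that exposes a login id."""
    msg = email.message_from_string(raw_message)
    findings = []
    for index, value in enumerate(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())  # undo RFC 5322 header folding
        match = AUTH_USER.search(unfolded)
        if not match:
            continue  # MTA-generated hop, no webmail login id
        internal = []
        for candidate in IPV4.findall(unfolded):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 matched the loose regex
            if addr.is_private:
                internal.append(candidate)
        findings.append({"header_index": index, "login_id": match.group(1),
                         "internal_addresses": internal})
    return findings


if __name__ == "__main__":
    for finding in audit_received(SAMPLE):
        print(finding)
```

Running it against mail captured after a fix is applied should return an empty list; the MTA's own "Received" hop is ignored because it carries no login id.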

    • assigned_to: centaurix --> nobody
    • status: open-accepted --> open
     
  • Logged In: YES
    user_id=915040

    Sounds good to me. I've downloaded your diff, will apply
    it, and observe what happens.

     
  • Erin Schnabel
    2004-03-28

    • assigned_to: nobody --> ebullient
     
  • Erin Schnabel
    2004-03-28

    • status: open --> open-fixed
     
    • priority: 5 --> 1
     
  • Tomas Kuliavas
    2005-02-04

    • labels: 102905 -->
     
  • Tomas Kuliavas
    2005-02-21

    Logged In: YES
    user_id=225877

    Correction.

    onetimepadencrypt function can be used to encrypt userid.
    Only passphrase is used instead of one time pad.

     
  • Tomas Kuliavas
    2005-05-11

    Logged In: YES
    user_id=225877

    Patch for 1.5.1cvs attached. Will write patch for stable
    version tomorrow.

    If you want to keep $skip_SM_header option, then mark it as
    unacceptable for stable version and use only
    hide_auth_header.diff for stable. $skip_SM_header=true is
    too dangerous for novice admins. Only mad people keep loaded
    guns next to children.

     
  • Tomas Kuliavas
    2005-05-11

    • assigned_to: ebullient --> tokul
     
  • Tomas Kuliavas
    2005-05-11

    patch for devel

     