Menu

#94 security hole squirrelmail mails real userid

closed-fixed
None
1
2005-05-22
2003-11-22
No

When sending composed mail, Squirrelmail 1.4.2
generates a "Received" line which contains a valid
login id and may contain a valid internal network
address for the system upon which it is run. Such
information is useful to hackers and should not
generally be made public.

Possible solution is to modify code in
Deliver.class.php at or about line 260 to remove
generation of the "Received" line associated with the
"SquirrelMail authenticated user". Note that the MTA
will generate a separate "Received" line indicating
reception of the mail from SquirrelMail (using the less
sensitive userid "apache" and the MTA's translation of
its hostname); hence the SquirrelMail-generated
"Received" line is redundant.

Discussion

<< < 1 2 3 (Page 3 of 3)
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-05-11

    simple patch for stable

     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-05-22
    • status: open-fixed --> closed-fixed
     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-05-22

    Logged In: YES
    user_id=225877

    fixed in SquirrelMail 1.4.5cvs. Used patch is attached.

     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-05-22

    final patch

     
  • Philipp Kohl

    Philipp Kohl - 2007-07-30

    Logged In: YES
    user_id=1128943
    Originator: NO

    Using OneTimePadEncrypt to encrypt the header lets any user retrieve the value for the encode_header_key variable. As soon as the encrypted plaintext is known, (plain) ^ (crypt) shows the passwort.

     
<< < 1 2 3 (Page 3 of 3)

Log in to post a comment.