#94 security hole squirrelmail mails real userid

closed-fixed
None
1
2005-05-22
2003-11-22
Douglas Campbell
No

When sending composed mail, Squirrelmail 1.4.2
generates a "Received" line which contains a valid
login id and may contain a valid internal network
address for the system upon which it is run. Such
information is useful to hackers and should not
generally be made public.

Possible solution is to modify code in
Deliver.class.php at or about line 260 to remove
generation of the "Received" line associated with the
"SquirrelMail authenticated user". Note that the MTA
will generate a separate "Received" line indicating
reception of the mail from SquirrelMail (using the less
sensitive userid "apache" and the MTA's translation of
its hostname); hence the SquirrelMail-generated
"Received" line is redundant.

Discussion

  • Tomas Kuliavas
    2005-05-11

    simple patch for stable

     
  • Tomas Kuliavas
    2005-05-22

    • status: open-fixed --> closed-fixed
     
  • Tomas Kuliavas
    2005-05-22

    Fixed in SquirrelMail 1.4.5cvs. The patch used is attached.

     
  • Tomas Kuliavas
    2005-05-22

    final patch

     
  • Philipp Kohl
    2007-07-30

    Using OneTimePadEncrypt to encrypt the header lets any user retrieve the value for the encode_header_key variable. As soon as the encrypted plaintext is known, (plain) ^ (crypt) shows the password.
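
The known-plaintext weakness described in the comment above, as an added example that is not part of the original thread and is not SquirrelMail's code: a sender knows their own login, so XORing it with the header value returns the pad, whereas a keyed HMAC tag (a swapped-in alternative, not something the thread proposes) lets only the key holder map a tag back to an account. Assumptions: the XOR model cycles the key and base64-encodes its output, and `SITE_KEY`, `LOGIN` and all function names are hypothetical, constructed for this illustration.

```python
import base64
import hashlib
import hmac
from typing import List, Optional

# Constructed sample values, not taken from any real installation.
SITE_KEY = b"constructed-key!"                   # stands in for the configured key
LOGIN = b"alice.example.login@mail.example.org"  # the sender's own, known login


def xor_pad_encrypt(plaintext: bytes, key: bytes) -> str:
    """Model of a fixed-key XOR pad (assumption: key cycled, output base64)."""
    out = bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))
    return base64.b64encode(out).decode("ascii")


def recover_keystream(known_plaintext: bytes, header_value: str) -> bytes:
    """(plain) ^ (crypt): XOR is its own inverse, so the pad falls out."""
    crypt = base64.b64decode(header_value)
    return bytes(p ^ c for p, c in zip(known_plaintext, crypt))


def hmac_user_tag(username: bytes, key: bytes) -> str:
    """Swapped-in alternative: a keyed one-way tag that does not expose the key."""
    return hmac.new(key, username, hashlib.sha256).hexdigest()


def admin_resolve(tag: str, accounts: List[bytes], key: bytes) -> Optional[bytes]:
    """The key holder maps a tag back to an account by recomputing candidates."""
    for account in accounts:
        if hmac.compare_digest(hmac_user_tag(account, key), tag):
            return account
    return None


if __name__ == "__main__":
    header = xor_pad_encrypt(LOGIN, SITE_KEY)
    leaked = recover_keystream(LOGIN, header)
    print("XOR header leaks key:", leaked[:len(SITE_KEY)] == SITE_KEY)
    tag = hmac_user_tag(LOGIN, SITE_KEY)
    accounts = [b"bob@mail.example.org", LOGIN]
    print("HMAC tag resolves for key holder:",
          admin_resolve(tag, accounts, SITE_KEY) == LOGIN)
```

The HMAC tag is one-way, so it supports matching a message to an account but not decrypting the header; that trade-off is part of the assumption.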

     