Hi all, this is probably an old issue and has been talked about well before my time on this list. If that's the case, then I apologize for bringing it up again.
I just tried the Retina Network Security Scanner (v4.7.1) on a Raq3 and got the following security warning: Mail Servers: IMAP - University of WA 12.264 overflow ===================================== Description: Vulnerabilities have been found in COPY,LSUB,RENAME and FIND commands that could allow any attacker with a valid username/password combination to gain command shell access to the server where IMAPD is answering requests. Risk Level: High How To Fix: Upgrading to the latest version of IMAP will correct this as well as other vulnerabilities found in IMAP. Related Links: IMAP Information Center (http://www.washington.edu/imap/) CVE: CAN-2000-0284 BugtraqID: 1110 (http://www.securityfocus.com/bid/1110) I've seen the advisory in the past, but didn't think it was relevant for the Cobalt RaQs due to the crippled IMAP implementation. Can anyone shed more light on this matter and tell if we're affected by this problem or not? Thanks! -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
