hello,
I strongly advise anyone who has the mail/roundcube port or software
installed to be careful as it has a security bug (and I do not know
where to report it). It allows people to remotely place a trojan on
/tmp and use it. They do it like this:
213.96.25.30 - - [05/Mar/2009:19:22:14 +0100]
Zbigniew Szalbot wrote:
hello,
I strongly advise anyone who has the mail/roundcube port or software
installed to be careful as it has a security bug (and I do not know
where to report it). It allows people to remotely place a trojan on
/tmp and use it. They do it like this:
213.96.25.30 - -
On Mon, Mar 9, 2009 at 08:43, Brent Clark brentgclarkl...@gmail.com wrote:
Hiya
Have you notified and / or checked with the upstream authour (maybe the
mailinglist too)
Not really. It requires subscribing to a mailing list which I don't
have time to do at the moment.
--
Zbigniew Szalbot
Zbigniew Szalbot wrote:
hello,
I strongly advise anyone who has the mail/roundcube port or software
installed to be careful as it has a security bug (and I do not know
where to report it). It allows people to remotely place a trojan on
/tmp and use it. They do it like this:
213.96.25.30
On Mon, Mar 9, 2009 at 9:47 AM, Zbigniew Szalbot zszal...@gmail.com wrote:
On Mon, Mar 9, 2009 at 08:43, Brent Clark brentgclarkl...@gmail.com
wrote:
Hiya
Have you notified and / or checked with the upstream authour (maybe the
mailinglist too)
Not really. It requires subscribing to a
Hi there,
On Mon, Mar 9, 2009 at 10:50, Ross Cameron abal...@gmail.com wrote:
Surely an attempted cracking attempt on you're server warrants making time?
It does.
Without detailed reports of issues like this how is the vendor expected to
correct the problem?
Avoiding installing the code
On 03/09/09 6:05 AM, Zbigniew Szalbot wrote:
Hi there,
On Mon, Mar 9, 2009 at 10:50, Ross Cameronabal...@gmail.com wrote:
Surely an attempted cracking attempt on you're server warrants making time?
It does.
Without detailed reports of issues like this how is the vendor
Hello,
On Mon, Mar 9, 2009 at 15:54, Moti Levy levym...@gmail.com wrote:
portaudit is always usefull
Affected package: roundcube-0.2.a,1
Ah... my bad - I have had roundcube installed from sources, not from
port. That's why I didn't know. I use portaudit on daily bases. Many
thanks, though!