URL:
<http://savannah.nongnu.org/bugs/?func=detailitem&item_id=15209>
Summary: It's possible to have an alias and an email-address
with the same name
Project: web-cyradm
Submitted by: None
Submitted on: Thu 12/15/05 at 10:28
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: security
Status: None
Privacy: Public
Assigned to: None
Originator Name: Roman Hochuli
Originator Email: [EMAIL PROTECTED]
Open/Closed: Open
Release: 0.5.4
Platform Version: None
Reproducibility: Every Time
Planned Release: None
Cyrus IMAP version: 2.2.x
PHP version: 4.3
Database type: MySQL 4.0
_______________________________________________________
Details:
It seems while creating an email-address is not checked if there is alread an
alias with the same name. This results in the situation that there is an alias
and an email-address with the same name.
If now somebody sends an email to that address the alias-recipients as well
as the account with that email-address receives that mail.
This raises quite some security questions...
_______________________________________________________
Carbon-Copy List:
CC Address | Comment
------------------------------------+-----------------------------
roman --DOT-- hochuli --AT-- nexellent --DOT-- ch | Originator Email
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?func=detailitem&item_id=15209>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch
_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm
