10 lines
551 B
Plaintext
10 lines
551 B
Plaintext
$Id: SECURITY,v 1.1 2000/05/03 07:44:56 jakob Exp $
|
|
|
|
This port is not safe to use on a system which does not provide shell
|
|
access to users who can retrieve mail via IMAP. imapd contains buffer
|
|
overflows which a user can exploit after they have logged into imap to get
|
|
access to their account on the machine. If your imap users have shell
|
|
access anyway, this is not a significant vulnerability. There is also a
|
|
vulnerability wherein local users can prevent arbitrary POP2/3 mailboxes
|
|
from being opened, and force IMAP mailboxes to only open read-only.
|