From owner-doc-jp@jp.freebsd.org  Sun May 14 21:03:03 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id VAA16654;
	Sun, 14 May 2000 21:03:03 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from smtp01.246.ne.jp (smtp01.246.ne.jp [210.253.192.35])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id VAA16649
	for <doc-jp@jp.freebsd.org>; Sun, 14 May 2000 21:03:03 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: (qmail 12952 invoked by alias); 14 May 2000 21:03:02 +0900
Message-ID: <20000514120302.12951.qmail@smtp.246.ne.jp>
Received: (qmail 12942 invoked from network); 14 May 2000 21:03:01 +0900
Received: from tp4hr085.246.ne.jp (HELO localhost) (210.253.193.85)
  by smtp.246.ne.jp with SMTP; 14 May 2000 21:03:01 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: <200005141025.TAA02293@mail.geocities.co.jp>
References: <20000424224635.EEF4B37BBB4@hub.freebsd.org>
	<200005141025.TAA02293@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sun, 14 May 2000 21:03:00 +0900
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7376
Subject: [doc-jp 7376] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:15.imap-uw
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@geocities.co.jp>:
>  00:15 $B$NK]Lu$G$9!#(B

$B$Q$A$Q$A$Q$A!y(B

> FreeBSD-SA-00:15                                           Security Advisory
>                                                                 FreeBSD, Inc.
$B!D(B $B$5$/$C$HN,(B $B!D(B
> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> The imap-uw port supplies a "libc-client" library which provides
> various functionality common to mail servers.
> imap-uw $B$N(B port $B$O(B, $B%a!<%k%5!<%P$G6&DL$K;H$o$l$k$5$^$6$^$J5!G=$r(B
> $BMQ0U$7$?(B "libv-client" $B$H$$$&%i%$%V%i%j$rDs6!$7$F$$$^$9(B.

"libc-client" $B$G$9$M!#(B

> III. $B1F6AHO0O(B - Impact
> 
> A user who has, or who can obtain (see advisory 00:14) shell access to
> the mail server can prevent an arbitrary mailbox from being opened via
> pop2/pop3, or can force the mailbox to be only opened read-only via
> imap.
> $B%a!<%k%5!<%P$KBP$9$k%7%'%k%"%/%;%9$r5v2D$5$l$?%f!<%6(B, $B$b$7$/$O(B
> $B%7%'%k%"%/%;%9$r3MF@$G$-$k%f!<%6(B($B%;%-%e%j%F%#4+9p(B 00:14 $B$r;2>H(B)$B$O(B,
> $BG$0U$N(B mailbox $B$KBP$7$F(B, pop2/pop3 $B7PM3$G$N%"%/%;%9$rK832$7$?$j(B,
> imap $B7PM3$G$N%"%/%;%9$rFI$_$@$7@lMQ$K6/@)$9$k$3$H$,2DG=$G$9(B.

IMAP4?, POP{2,3} $B$NBgJ8;z>.J8;z$N$f$i$.$O$J$/$7$^$7$g$&!#(B

> 2) Consider using another POP2/POP3 server if you do not require IMAP
> functionality.
> 2) IMAP $B$N5!G=$rI,MW$H$7$F$$$J$$$J$i(B, POP2/POP3 $B%5!<%P$N;HMQ$r9M$($F$/$@$5$$(B.

another $B$rLu=P$7$^$7$g$&!#(B
----
$B$3$,$h$&$$$A$m$&(B
