Hello Listers,
Below is a message I received from a tech list, does anyone know
anything about this?
**Begin forwarded message**
This is a report from Panda Software. All Eudora users should check for a fix from Eudora.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Madrid, November 21, 2005 - According to iDefense, a vulnerability has
been detected in Eudora WorldMail IMAP Server 3, which allows an
attacker to avoid certain security restrictions and access confidential
information.
The security flaw lies in the handling of directories, or to be more specific, in commands for handling IMAP folders. This vulnerability could be exploited by an attacker to read another user's email messages or to move system files.
In order to successfully exploit this vulnerability, the attacker must have logged on the IMAP server. Attacks can be carried out by entering names that contain sequences for uploading directories in the affected IMAP commands, such as 'select'.
List web page: //www.freelists.org/webpage/blindeudora Send all list problems or inquires to: blingeudora@xxxxxxxxxxxxxxx to un subscribe: blindeudora-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
