From BugTraq:
==========================================
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: Http Splitting leads to email account stealing
Product: SQWebmail
Risk: High

A dangerous http splitting attack can be taken against mailboxes that use Sqwebmail as web mail interface. Anyone can send a malformed link in the email body and steal the session cookie and passwords.

Proof of concept:
///
sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT]
///

Vendor should patch this issue soon as anyone can attack a user directly.

Author: Zinho is webmaster and founder of http://www.hackerscenter.com , Security research portal
Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
===============================================
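Added illustration of the bug class the advisory reports (this is not SQWebmail's code and not part of the report): a redirect builder in the vulnerable "copy the parameter into the Location header" form next to a validator that rejects control characters and off-site targets, checked against the advisory's proof-of-concept value after URL decoding. The host name is a placeholder.

```python
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed input: the advisory's proof-of-concept value after URL decoding.
# "[INJECT SCRIPT]" is kept as a literal marker, exactly as in the advisory.
POC_REDIRECT = unquote("%0d%0a%0d%0a[INJECT SCRIPT]")

# Placeholder: the host the webmail instance is served from.
OWN_HOST = "webmail.example.test"

# Any C0 control character or DEL; CR and LF are the ones that split headers.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def build_redirect_unsafe(target: str) -> bytes:
    """The vulnerable pattern: the request parameter goes verbatim into the
    Location header, so a CR/LF pair inside it ends the header block early and
    everything after it is parsed as a second, attacker-shaped response."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def safe_redirect_target(target: str, own_host: str = OWN_HOST) -> Optional[str]:
    """Return target if it may be placed in a Location header, else None.
    Control characters are checked before urlsplit(), because urlsplit()
    silently strips CR/LF/TAB and would hide them from a later check."""
    if CONTROL_CHARS.search(target):
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only http(s) back to our own host.
        if parts.scheme not in ("http", "https") or parts.netloc.lower() != own_host:
            return None
    elif not target.startswith("/"):
        return None  # relative path without a leading slash: ambiguous, refuse
    return target


def build_redirect_safe(target: str) -> Optional[bytes]:
    """Hardened builder: refuses to emit any response for an invalid target."""
    checked = safe_redirect_target(target)
    if checked is None:
        return None
    return f"HTTP/1.1 302 Found\r\nLocation: {checked}\r\n\r\n".encode("latin-1")


def header_block_count(raw: bytes) -> int:
    """Number of header/body boundaries in a raw response: exactly one for a
    well-formed redirect, two when the response has been split."""
    return raw.count(b"\r\n\r\n")
```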
Scott please advise.
swtaylor seems to be MIA, ticho could you look into it?
Um, I can't find sqwebmail in portage. I have recently closed one ancient sqwebmail bug because of this too. I couldn't find sqwebmail in cvs attic as well, I am at a loss to find out what happened to that package.
I'm afraid I can't do much until upstream provides a solution (be it patch or new version). Entire courier, as well as sqwebmail, is completely alien to me. As soon as upstream provides a solution, I can try to apply it if swtaylor is still gone.
Ticho any news on this one?
I'm afraid not - at least I wasn't able to glimpse anything relevant in their official changelog (http://www.courier-mta.org/changelog.html)
upstream responded here: http://sourceforge.net/mailarchive/forum.php?thread_id=7193743&forum_id=6705
Upstream denied it, maybe our auditors should check it sometime.
Closing as per upstream.