Author: Phil Pennock
Date:
To: exim-users
Subject: Re: [Exim] Washington mbx again

On 2000-10-05 at 19:45 -0700, Tom Samplonius gifted us with:
> Yes, but shouldn't Exim be using the c-client library to manage access
> to MBX mailboxes? I know that is a lot of overhead, but it guarantees
> that it works right. See my other e-mail with a quote from Marc Cripin
> about various MBX issues.
No, it guarantees that your application has security holes.
See a number of threads on BugTraq, over at least the past year,
probably longer, about problems with UW-IMAP, Pine, and anything else
using c-client.
For those who're unaware - Pine has buffer-overruns in some headers.
Perhaps exploitable, perhaps not. But the last straw - it's going onto
my employer's blacklist; mutt + Pine.rc + pico == Phil sleeps at night.
--
Civilisation: where they cut down the trees and name streets after them.