Results 1 to 7 of 7

Thread: ZCS 4.5.2 and pop3/imap security issues?

  1. #1
    fisch09 is offline Special Member
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    Exclamation ZCS 4.5.2 and pop3/imap security issues?

    [edited by jholder for security issues]
    Last edited by jholder; 02-27-2007 at 08:48 PM.

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Andre,
    Due to security concerns, I have edited and removed the content.
    I have submitted a bug. If you have any questions, please contact me directly.

    Thanks for reporting this, and we'll keep you posted.

    -john

    EDIT: For clarification, this has not been verified.
    Last edited by jholder; 02-27-2007 at 08:51 PM.

  3. #3
    fisch09 is offline Special Member
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    Default

    Is there a better way to report possible security issues? Bugzilla, Email?

    Cheers
    Andre

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Hey Andre,
    If you, or any user, ever believe that there is a possible security issue, you should always contact us first.

    You can do this by e-mail or pvt message. The best thing to do is to file a bug, and mark it private so that only you and Zimbra can see it.

    We take the security of Zimbra VERY seriously, and appreciate you reporting this. As I said, I have filed a bug, and our developers are looking into it.

    Thanks
    john

  5. #5
    fisch09 is offline Special Member
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    Default

    Hi John,

    many tanks to you for making this clear. Maybe it's an good idea to create a FAQ / Wiki article for "how to report (possible) security issues/concerns".

    Cheers
    Andre

  6. #6
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    You're absolutely right!

    We'll do that.

    -john

  7. #7
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Just a quick follow-up the security issue was suspected possible buffer overflows in the POP3/IMAP stack. In Zimbra this is written in Java (which isn't suspect to buffer overflow/overwrite like C/C++ would be). In any case we'll check the Perdition (IMAP/POP proxy) to make sure it doesn't have any possible issues.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •