[edited by jholder for security issues]
LinkBack URL
About LinkBacks
Special Member
ZCS 4.5.2 and pop3/imap security issues?
[edited by jholder for security issues]
Last edited by jholder; 02-27-2007 at 07:48 PM.
Former Zimbran
Andre,
Due to security concerns, I have edited and removed the content.
I have submitted a bug. If you have any questions, please contact me directly.
Thanks for reporting this, and we'll keep you posted.
-john
EDIT: For clarification, this has not been verified.
Last edited by jholder; 02-27-2007 at 07:51 PM.
Special Member
Is there a better way to report possible security issues? Bugzilla, Email?
Cheers
Andre
Former Zimbran
Hey Andre,
If you, or any user, ever believe that there is a possible security issue, you should always contact us first.
You can do this by e-mail or pvt message. The best thing to do is to file a bug, and mark it private so that only you and Zimbra can see it.
We take the security of Zimbra VERY seriously, and appreciate you reporting this. As I said, I have filed a bug, and our developers are looking into it.
Thanks
john
Special Member
Hi John,
many tanks to you for making this clear. Maybe it's an good idea to create a FAQ / Wiki article for "how to report (possible) security issues/concerns".
Cheers
Andre
Former Zimbran
You're absolutely right!
We'll do that.
-john
Zimbra Employee
Just a quick follow-up the security issue was suspected possible buffer overflows in the POP3/IMAP stack. In Zimbra this is written in Java (which isn't suspect to buffer overflow/overwrite like C/C++ would be). In any case we'll check the Perdition (IMAP/POP proxy) to make sure it doesn't have any possible issues.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
