0oooop ( / Six Toed ) / Security Advisory (_<

Date: 2000, 01/03
Affected Software: iMail Server 5.0
Platform: Windows NT 4.0 SP 6a

*Problem*

A malicious user can read emails as any other user on the system.

*How*

The issue lies in how iMail handles the creation of new email accounts, and how it stores them. When iMail is installed with the defaults, all new email accounts are stored in the same directory. So the mailbox directory for admin@domain.com lives under the same parent directory as the one for user@otherdomain.com.

*Exploit*

Now if user@otherdomain.com has mail administration turned on, that user could create a new account named admin under his own domain (otherdomain.com), and since iMail would store it in the same directory as the admin@domain.com account, the two would become one and the same. This allows user@otherdomain.com to read ALL incoming email to admin@domain.com, and to all other 'admin' users on the system, because they share the same 'admin' folder. As you can imagine, this could pose a serious risk to security.

*Fix*

When creating a new email account for a domain in iMail Administrator, choose a custom path to save all accounts to. Example: D:\IMAIL\newdomain.com

As long as an administrator is keeping his eye on the ball this little problem can be avoided.

*Notes*

I have not tested this problem on any earlier version of iMail... Other versions are probably affected too. If you find out they are, please email me.

*Shouts*

Lupus Gentry, Af8e 4f5, Logical Gambit, RandomS, knarph, nulltone, Strick, Ross, everyone @ yak.net, and the girl who crushed Lupus's heart today, this means you Anna.

------------------------
Advisory By Simon(Says) Six Toed
2000, 01/03
simonsays@ureach.com
VM. 1-877-815-7880 x916
------------------------
EOF
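As an added illustration of the *How* and *Fix* sections above (example code written for this page, not part of the advisory and not Ipswitch's iMail code): the script below models the storage layout the advisory describes as an audit an administrator could run over an account list. It assumes a hypothetical layout rule in which a mailbox with no custom path lands under one shared default root keyed only by the user name, while a per-domain custom path puts the domain into the path; the root directory, the account list and the addresses are constructed for illustration. The audit resolves every account to its mailbox directory and reports any directory claimed by more than one address, which is exactly the 'admin' folder collision described above, and shows that per-domain paths make the collision disappear.

```python
"""
Added example (not from the advisory, not iMail's own code): audit a list of
mail accounts for mailbox-directory collisions across domains.

Assumptions (hypothetical, constructed for this example):
  - DEFAULT_ROOT is where accounts without a custom path are stored, and the
    mailbox folder there is named after the user (local part) only.
  - With a per-domain custom path, the folder is <custom_path>\<user>.
"""
from __future__ import annotations

from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Optional

# Hypothetical shared default root used when no custom path is configured.
DEFAULT_ROOT = PureWindowsPath(r"D:\IMAIL\users")


def mailbox_dir(domain: str, user: str, custom_path: Optional[str]) -> PureWindowsPath:
    """Resolve the directory a mailbox would be stored in.

    Without a custom path every domain shares DEFAULT_ROOT, so the domain
    plays no part in the path and only the user name distinguishes folders.
    With a per-domain custom path the domain is part of the path, so equal
    user names in different domains stay separate.
    """
    root = PureWindowsPath(custom_path) if custom_path else DEFAULT_ROOT
    return root / user.lower()


def find_collisions(accounts: list[tuple[str, str, Optional[str]]]) -> dict[str, list[str]]:
    """Return {directory: [addresses]} for every directory shared by two or more accounts."""
    by_dir: dict[PureWindowsPath, list[str]] = defaultdict(list)
    for domain, user, custom_path in accounts:
        by_dir[mailbox_dir(domain, user, custom_path)].append(f"{user}@{domain}")
    return {str(d): sorted(addrs) for d, addrs in by_dir.items() if len(addrs) > 1}


# Constructed account list for a default install: admin@domain.com already
# exists, and the administrator of otherdomain.com adds an 'admin' user there.
DEFAULT_LAYOUT = [
    ("domain.com", "admin", None),
    ("otherdomain.com", "user", None),
    ("otherdomain.com", "admin", None),  # resolves to the same folder as admin@domain.com
]

# The same accounts after applying the advisory's fix: one custom path per domain.
FIXED_LAYOUT = [
    ("domain.com", "admin", r"D:\IMAIL\domain.com"),
    ("otherdomain.com", "user", r"D:\IMAIL\otherdomain.com"),
    ("otherdomain.com", "admin", r"D:\IMAIL\otherdomain.com"),
]

if __name__ == "__main__":
    print("default install collisions:", find_collisions(DEFAULT_LAYOUT))
    print("per-domain paths collisions:", find_collisions(FIXED_LAYOUT))
```

Run against a real export of the server's account list (domain, user, configured path), an empty result from find_collisions is the property the *Fix* section is after: no two accounts, whatever their domains, may resolve to the same mailbox directory.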