Thread: ZCS 4.5.2 and pop3/imap security issues?

  1. #1
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    ZCS 4.5.2 and pop3/imap security issues?

    [edited by jholder for security issues]
    Last edited by jholder; 02-27-2007 at 07:48 PM.

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Andre,
    Due to security concerns, I have edited and removed the content.
    I have submitted a bug. If you have any questions, please contact me directly.

    Thanks for reporting this, and we'll keep you posted.

    -john

    EDIT: For clarification, this has not been verified.
    Last edited by jholder; 02-27-2007 at 07:51 PM.

  3. #3
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    Is there a better way to report possible security issues? Bugzilla, Email?

    Cheers
    Andre

  4. #4
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Hey Andre,
    If you, or any user, ever believe that there is a possible security issue, you should always contact us first.

    You can do this by e-mail or pvt message. The best thing to do is to file a bug, and mark it private so that only you and Zimbra can see it.

    We take the security of Zimbra VERY seriously, and appreciate you reporting this. As I said, I have filed a bug, and our developers are looking into it.

    Thanks
    john

  5. #5
    Join Date
    Dec 2006
    Location
    Melbourne, VIC, Australia
    Posts
    120
    Rep Power
    8

    Hi John,

    Many thanks to you for making this clear. Maybe it's a good idea to create a FAQ / Wiki article for "how to report (possible) security issues/concerns".

    Cheers
    Andre

  6. #6
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    You're absolutely right!

    We'll do that.

    -john

  7. #7
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Just a quick follow-up: the security issue was suspected possible buffer overflows in the POP3/IMAP stack. In Zimbra this is written in Java (which isn't subject to buffer overflow/overwrite like C/C++ would be). In any case we'll check the Perdition (IMAP/POP proxy) to make sure it doesn't have any possible issues.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.
