HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


ozonblue 5th October 2006 19:07

uebimiau question
 
Hi.

I'm running ISPconfig on Debian sarge with the perfect setup.

I have experienced strange problems with uebimiau which I installed using the ISPconfig tools button. Visiting the official website creates the impression that the uebimiau web mailer is not actively supported anymore. So please bear with me when I ask these questions here.

Uebimiau works fine on the inbox - but when clicking on some other directories - Trash for example, you are automatically logged out. When you have the "empty trash folder when you logout" option enabled the browser gets stuck in an infinite loop spitting out PHP error messages, eventually crashing the machine where the browser is running. I have traced the error to an empty file handle passed to a fgets function.

Second question - according to http://pridels.blogspot.com/2006/06/...-xss-vuln.html the latest version of uebimiau is insecure. Does anyone know if this holds true or has the version shipping with ISPconfig been fixed?

kind regards,

Eugene Coetzee

falko 6th October 2006 15:09

Quote:

Originally Posted by ozonblue
Visiting the official website creates the impression that the uebimiau web mailer is not actively supported anymore.

I think it's still under development. They don't release new versions very often, but that doesn't mean the project is dead.

Quote:

Originally Posted by ozonblue
Uebimiau works fine on the inbox - but when clicking on some other directories - Trash for example, you are automatically logged out. When you have the "empty trash folder when you logout" option enabled the browser gets stuck in an infinite loop spitting out PHP error messages, eventually crashing the machine where the browser is running.

Any errors in the error log in /root/ispconfig/httpd/logs?

Quote:

Originally Posted by ozonblue
I have traced the error to an empty file handle passed to a fgets function.

In which file? Have you been able to find out why the file handle is empty?

Quote:

Originally Posted by ozonblue
Second question - according to http://pridels.blogspot.com/2006/06/...-xss-vuln.html the latest version of uebimiau is insecure. Does anyone know if this holds true or has the version shipping with ISPconfig been fixed?

The ISPConfig Uebimiau package is the standard Uebimiau package with a patched login procedure, so it contains all bugs that the official Uebimiau package has.

ozonblue 7th October 2006 09:51

Quote:

Originally Posted by falko
Any errors in the error log in /root/ispconfig/httpd/logs?

Nothing :-)

Quote:

Originally Posted by falko
In which file? Have you been able to find out why the file handle is empty?

It is on line 25 of class.uebimiau_mail.php

I don't know why the handle is empty - there doesn't seem to be a problem with file permissions.

What bothers me is that there are not any tests done to check for a valid handle, and together with the other kind of vulnerabilities mentioned I don't have confidence in this software.

Quote:

Originally Posted by falko
The ISPConfig Uebimiau package is the standard Uebimiau package with a patched login procedure, so it contains all bugs that the official Uebimiau package has.

I think we are going to opt for RoundCube instead. I deleted the relevant Uebimiau directories and used the install tool to install RoundCube. How can I get rid of the webmail entry in the ISPconfig interface panel?

Although it is said that RoundCube only supports IMAP it appears to be doing fine with POP3 - except if I'm missing something somewhere.


regards,

Eugene Coetzee
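
Added example, not part of the thread and not Uebimiau's code: the post above describes an unvalidated handle reaching fgets. Assuming a reader loop of the common `while (!feof($fp))` shape (an assumption, not a quote from class.uebimiau_mail.php), a failed fopen() makes that loop run forever, because feof() never returns true for an invalid handle. The function name `read_lines_checked` and the sample file are hypothetical.

```php
<?php
// Added example; function and file names are hypothetical, not Uebimiau's.

/**
 * Read all lines from $path, refusing to loop on an invalid handle.
 * Returns an array of lines, or null if the file could not be opened.
 */
function read_lines_checked(string $path): ?array
{
    // Unguarded pattern that can spin forever when fopen() fails:
    //   $fp = fopen($path, 'r');
    //   while (!feof($fp)) { $line = fgets($fp); ... }

    $fp = @fopen($path, 'r');          // false on failure
    if (!is_resource($fp)) {
        // Log once and stop, instead of emitting a warning per iteration.
        error_log("cannot open mail folder file: $path");
        return null;                   // caller decides how to report it
    }

    $lines = [];
    // Drive the loop from fgets(): it returns false at EOF and on error,
    // so the loop ends in both cases.
    while (($line = fgets($fp)) !== false) {
        $lines[] = rtrim($line, "\r\n");
    }
    fclose($fp);
    return $lines;
}

// Constructed sample input: a temp file standing in for a folder file.
$tmp = tempnam(sys_get_temp_dir(), 'folder');
file_put_contents($tmp, "msg1\nmsg2\n");
var_dump(read_lines_checked($tmp));               // existing file
var_dump(read_lines_checked($tmp . '.missing'));  // open fails, handled
unlink($tmp);
```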

falko 8th October 2006 15:16

Quote:

Originally Posted by ozonblue
I think we are going to opt for RoundCube instead. I deleted the relevant Uebimiau directories and used the install tool to install RoundCube. How can I get rid of the webmail entry in the ISPconfig interface panel?

Delete the webmail directory in /home/admispconfig/ispconfig/web/tools/tools.


All times are GMT +2.