#1  
Old 5th October 2006, 19:07
ozonblue ozonblue is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default uebimiau question

Hi.

I'm running ISPconfig on Debian sarge with the perfect setup.

I have experienced strange problems with uebimiau which I installed using the ISPconfig tools button. Visiting the official website creates the impression that the uebimiau web mailer is not actively supported anymore. So please bear with me when I ask these questions here.

Uebimiau works fine on the inbox - but when clicking on some othre directories - Trash for example, you are automatically logged out. When you have the "empty trash folder when you logout" option enabled the browser gets stuck in an infinite loop spiting out php error messages eventually crashing the machine where the browser is running. I have traced the error to an empty file handle passed to a fgets function.

Second question - according to http://pridels.blogspot.com/2006/06/...-xss-vuln.html the latest version of uebimiau is insecure. Does any one know if this holds true or has the version shipping with ISPconfig been fixed ?

kind regards,

Eugene Coetzee
Reply With Quote
Sponsored Links
  #2  
Old 6th October 2006, 15:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,726 Times in 2,565 Posts
Default

Quote:
Originally Posted by ozonblue
Visiting the official website creates the impression that the uebimiau web mailer is not actively supported anymore.
I think it's still under development. They don't release new versions very often, but that doesn't mean the project is dead.

Quote:
Originally Posted by ozonblue
Uebimiau works fine on the inbox - but when clicking on some othre directories - Trash for example, you are automatically logged out. When you have the "empty trash folder when you logout" option enabled the browser gets stuck in an infinite loop spiting out php error messages eventually crashing the machine where the browser is running.
Any errors in the error log in /root/ispconfig/httpd/logs?

Quote:
Originally Posted by ozonblue
I have traced the error to an empty file handle passed to a fgets function.
In which file? Have you been able to find out why the file handle is empty?

Quote:
Originally Posted by ozonblue
Second question - according to http://pridels.blogspot.com/2006/06/...-xss-vuln.html the latest version of uebimiau is insecure. Does any one know if this holds true or has the version shipping with ISPconfig been fixed ?
The ISPConfig Uebimiau package is the standard Uebimiaul package with a patched login procedure, so it contains all bugs that the official Uebimiau package has.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 7th October 2006, 09:51
ozonblue ozonblue is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
Any errors in the error log in /root/ispconfig/httpd/logs?
Nothing :-)

Quote:
Originally Posted by falko
In which file? Have you been able to find out why the file handle is empty?
It is on line 25 of class.uebimiau_mail.php

I don't know why the handle is empty - there doesn't seem to be a problem with file permissions.

What bothers me is that there are not any test done to check for a valid handle and together with the other kind of vulnerabilities mentioned I don't have confidence in this software.

Quote:
Originally Posted by falko
The ISPConfig Uebimiau package is the standard Uebimiaul package with a patched login procedure, so it contains all bugs that the official Uebimiau package has.
I think we are going to opt for RoundCube instead. I deleted the relevant Uebimiaul directories and used the install tool to install RoundCube. How can i get rid of the webmail entry in the ISPconfig interface panel ?

Although it is said that RoundCube only supports IMAP it appears to be doing fine with POP3 - except if I'm missing something somewhere.


regards,

Eugene Coetzee
Reply With Quote
  #4  
Old 8th October 2006, 15:16
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,726 Times in 2,565 Posts
 
Default

Quote:
Originally Posted by ozonblue
I think we are going to opt for RoundCube instead. I deleted the relevant Uebimiaul directories and used the install tool to install RoundCube. How can i get rid of the webmail entry in the ISPconfig interface panel ?
Delete the webmail directory in /home/admispconfig/ispconfig/web/tools/tools.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
changing from UebiMiau Webmail 2 RoundcubeWebmail edge Installation/Configuration 5 23rd May 2006 13:17
UebiMiau, error messages. fkmeland General 8 22nd May 2006 23:54
UebiMiau locks out after server receives email sbecker Installation/Configuration 2 25th March 2006 00:00
Login screen UebiMiau http://mydomain.com:81/webmail Hans General 2 8th March 2006 21:56
UebiMiau question... toyito Installation/Configuration 4 11th January 2006 19:29


All times are GMT +2. The time now is 11:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.