uw-imapd vunerability question

[abubin]

I see this message on WHM with the uw-imapd vunerability problems.

Can I know what is this uw-imapd? What does it do? Do I wait for the problem to be fixed or upgrade to maildir?

What is maildir? which is better? Will upgrading to maildir cause any problems to my email system?

Thanks in advance.

[chirpy]

uw-imapd is the IMAP server that is used by cPanel for their cpimap daemon.

As to waiting, that's up to you. You should (be) subscribe(d) to the security mailing lists and reading the exploits to determine whether it is in your best interests to upgrade - that's only a decision that you can make as the sys admin.

Read up on the differences of mbox and maildir formats for mailboxes, there's plenty of information on the web.

[astopy]

Quote:

Originally Posted by chirpy

You should (be) subscribe(d) to the security mailing lists...

Are you referring to a cPanel security mailing list? Or individual ones for other applications? If there's a cPanel security list I'd be interested in knowing where I can subscribe.

[chirpy]

I'm referring to the likes of BugTraq and VulnWatch. BugTraq carried the uw-imap vulnerability issue several days ago.

[Nic]

Quote:

Originally Posted by chirpy

I'm referring to the likes of BugTraq and VulnWatch. BugTraq carried the uw-imap vulnerability issue several days ago.

Probably stupid question, but.. can I just disable IMAP on the server (since nobody using it) until next cpanel release? Thanks

[trparky]

Yes, in the Service Control Panel in WHM.

[chirpy]

Remember that if you disable imap you disable the webmail apps. A simpler solution would probably be to block inbound TCP traffic to ports 143 and 993.

[WeMasterz5]

we done this conversion now we get errors every where

some like this

ERROR:
ERROR: Could not complete request.
Query: COPY 88:88 "BTRASH"
Reason Given: Error in IMAP command received by server.

Warning: session_start(): open(/tmp/sess_56938189dc5c6cdc026c8898f898c912, O_RDWR) failed: Permission denied (13) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 333

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 333

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/i18n.php on line 211

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 305

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/src/login.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/plugins/cpanel_auth/setup.php on line 25

[Bruce]

If you need help please use the following information:
Free Email Support for this conversion can be reached by emailing:

maildir@cpanel.net

Free Phone Support for this conversion can be reached by calling:

+1 302 757 7118

[WeMasterz5]

been there done all that, phone support M-F, and no reply on the email as of yet

[chirpy]

Quote:

Warning: session_start(): open(/tmp/sess_56938189dc5c6cdc026c8898f898c912, O_RDWR) failed: Permission denied (13) in

Sounds like a /tmp directory permissions or space issue:

1. Check that /tmp isn't full if it's a separate partition

2. Make sure that /tmp is chmod 1777

3. Try running:

/scripts/upcp --force

[WeMasterz5]

it was ( Query: COPY 88:88 "BTRASH" )

something to do with one of the folders we had in there, we ended up just downloading all the mail and making a new account