The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

uw-imapd vunerability question

Discussion in 'General Discussion' started by abubin, Oct 7, 2005.

  1. abubin

    abubin Well-Known Member

    Joined:
    Dec 7, 2004
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    I see this message on WHM with the uw-imapd vunerability problems.

    Can I know what is this uw-imapd? What does it do? Do I wait for the problem to be fixed or upgrade to maildir?

    What is maildir? which is better? Will upgrading to maildir cause any problems to my email system?

    Thanks in advance.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    uw-imapd is the IMAP server that is used by cPanel for their cpimap daemon.

    As to waiting, that's up to you. You should (be) subscribe(d) to the security mailing lists and reading the exploits to determine whether it is in your best interests to upgrade - that's only a decision that you can make as the sys admin.

    Read up on the differences of mbox and maildir formats for mailboxes, there's plenty of information on the web.
     
  3. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Are you referring to a cPanel security mailing list? Or individual ones for other applications? If there's a cPanel security list I'd be interested in knowing where I can subscribe.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I'm referring to the likes of BugTraq and VulnWatch. BugTraq carried the uw-imap vulnerability issue several days ago.
     
  5. Nic

    Nic Member

    Joined:
    Dec 9, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Probably stupid question, but.. can I just disable IMAP on the server (since nobody using it) until next cpanel release? Thanks
     
  6. trparky

    trparky Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    184
    Likes Received:
    1
    Trophy Points:
    0
    Yes, in the Service Control Panel in WHM.
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Remember that if you disable imap you disable the webmail apps. A simpler solution would probably be to block inbound TCP traffic to ports 143 and 993.
     
  8. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    we done this conversion now we get errors every where

    some like this

    ERROR:
    ERROR: Could not complete request.
    Query: COPY 88:88 "BTRASH"
    Reason Given: Error in IMAP command received by server.

    Warning: session_start(): open(/tmp/sess_56938189dc5c6cdc026c8898f898c912, O_RDWR) failed: Permission denied (13) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 333

    Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 333

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/i18n.php on line 211

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php on line 305

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/src/login.php on line 54

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/squirrelmail/functions/global.php:333) in /usr/local/cpanel/base/3rdparty/squirrelmail/plugins/cpanel_auth/setup.php on line 25
     
  9. Bruce

    Bruce Well-Known Member

    Joined:
    Oct 4, 2001
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    If you need help please use the following information:
    Free Email Support for this conversion can be reached by emailing:

    maildir@cpanel.net

    Free Phone Support for this conversion can be reached by calling:

    +1 302 757 7118
     
  10. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    been there done all that, phone support M-F, and no reply on the email as of yet
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Sounds like a /tmp directory permissions or space issue:

    1. Check that /tmp isn't full if it's a separate partition

    2. Make sure that /tmp is chmod 1777

    3. Try running:

    /scripts/upcp --force
     
  12. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    it was ( Query: COPY 88:88 "BTRASH" )

    something to do with one of the folders we had in there, we ended up just downloading all the mail and making a new account
     

Share This Page