Courier-IMAP shell characters problem

2007-04-23T00:00:00
ID SECURITYVULNS:VULN:7629
Type securityvulns
Reporter FULL-DISCLOSURE
Modified 2007-04-23T00:00:00

Description

Invalid usage of XMAILDIR environment variable controlled by attacker thorugh logon request in the scripts courier-imapd.indirect and courier-pop3d.indirect