Topic: Urgent: Security fix of iRedAPD-1.3.2 and earlier versions
There's a security vulnerability in iRedAPD-1.3.2 and earlier versions, all users are strongly encouraged to upgrade iRedAPD to 1.3.3.
Quote from rizkiwicaksono:
"When plugins got loaded by iredAPD, it automatically compiles source .py files into .pyc files for faster loading in the future. But unfortunately the compiled file permission is world writable (666 mode). Since iredAPD run as root (root privilege for iredapd is too much), attacker can replace PYC plugins file with maliciously crafted PYC files to execute code with root privilege."
"Attacker can prepare malicious PYC file on his own test box, then upload it to victim box and replace the original pyc file with his own."
Steps used to fix it
The simpliest way to fix it is installing iRedAPD-1.3.3 (not upgrade).
- Download iRedAPD-1.3.3 directly: http://iredmail.googlecode.com/files/iR … .3.tar.bz2
- Installation Guide (for OpenLDAP backend): http://iredmail.org/wiki/index.php?titl … D/OpenLDAP
Thanks to rizkiwicaksono for his report, YouTube video, and code contribution.