Hi, all.

There's a security vulnerability in iRedAPD-1.3.2 and earlier versions, all users are strongly encouraged to upgrade iRedAPD to 1.3.3.

Issue description

Quote from rizkiwicaksono:
"When plugins got loaded by iredAPD, it automatically compiles source .py files into .pyc files for faster loading in the future. But unfortunately the compiled file permission is world writable (666 mode). Since iredAPD run as root (root privilege for iredapd is too much), attacker can replace PYC plugins file with maliciously crafted PYC files to execute code with root privilege."

"Attacker can prepare malicious PYC file on his own test box, then upload it to victim box and replace the original pyc file with his own."

Steps used to fix it

The simpliest way to fix it is installing iRedAPD-1.3.3 (not upgrade).

- Download iRedAPD-1.3.3 directly: http://iredmail.googlecode.com/files/iR … .3.tar.bz2
- Installation Guide (for OpenLDAP backend): http://iredmail.org/wiki/index.php?titl … D/OpenLDAP

Credits

Thanks to rizkiwicaksono for his report, YouTube video, and code contribution.