|
 |
|
MDaemon WorldClient LookOut Theme Inbox Denial of Service Weakness
|
|
|
|
|
Secunia Advisory:
|
SA17990
|
|
|
Release Date:
|
2005-12-12
|
|
Last Update:
|
2006-01-13
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | MDaemon 8.x
|
| | CVE reference: | CVE-2005-4265 (Secunia mirror)
CVE-2005-4266 (Secunia mirror)
CVE-2005-4209 (Secunia mirror)
|
|
|
|
|
|
Description:
dr_insane has discovered a weakness in MDaemon, which can be exploited by malicious people to cause a DoS (Denial of Service).
The weakness is caused due to an error in the WorldClient webmail's "LookOut" Theme when displaying the user's inbox when the "Subject" header of a received email contains Javascript tags. This can be exploited to prevent a user from correctly accessing his Inbox from the webmail via a specially crafted email containing "<script></script>" in the "Subject" field.
Successful exploitation requires that the user uses the default "LookOut" Theme.
The weakness has been confirmed in version 8.1.3. Other versions may also be affected.
Note: It is also reportedly possible to logout another user if the 7 uppercase-only Session ID of that user is guessed correctly, and the other user is accessing the webmail server from the same IP address as the attacker (e.g. via the same proxy server).
Solution:
Filter emails containing potentially malicious scripts with an email filtering gateway.
Removing the malicious email, e.g. by deleting it via IMAP or POP3, or by changing to another Theme, would allow the inbox to be accessible again.
Provided and/or discovered by:
dr_insane
Changelog:
2005-12-13: Received additional information from vendor. Updated "Critical", "Solution Status", "Description" and "Solution" sections.
2006-01-13: Added CVE references.
Original Advisory:
http://www.ipomonis.com/advisories.htm
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
6 Related Secunia Security Advisories
|
|
|
1. MDaemon POP3 Server Buffer Overflow Vulnerabilities
|
|
2. MDaemon Insecure Default Directory Permissions
|
|
3. MDaemon IMAP Mail Folder Name Denial of Service
|
|
4. MDaemon Content Filter Directory Traversal Vulnerability
|
|
5. MDaemon IMAP Authentication Denial of Service Vulnerability
|
|
6. MDaemon IMAP Service "CREATE" Command Buffer Overflow
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
