|
Ecartis "pantomime" Functionality Attachment Handling Security Issue
|
|
Secunia Advisory:
|
SA18524
|
|
|
Release Date:
|
2006-01-19
|
|
Last Update:
|
2006-01-25
|
|
Popularity:
|
5,670 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | ecartis (listar) 1.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Matthias Kilian has discovered a security issue in Ecartis, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to a design error, which causes attachments in emails that are sent to the [listname]-request@[hostname] addresses to be saved to the "pantomime" web-accessible directory even when the sender is not subscribed to the mailing list or when the list is closed. This can potentially be exploited by malicious people to place arbitrary files onto the server.
Successful exploitation requires that the "pantomime" functionality has been enabled for the mailing list.
The security issue has been confirmed in version 1.0.0 snapshot 20050909. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
