ArGoSoft Mail Server Pro Multiple Vulnerabilities

Secunia Advisory: SA18990
Release Date: 2006-02-24
Last Update: 2006-03-02
Critical: Less critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: ArGoSoft Mail Server 1.8.x
CVE reference: CVE-2006-0928, CVE-2006-0929, CVE-2006-0930

Description: NSA Group has discovered some vulnerabilities in ArGoSoft Mail Server Pro. Two of them can be exploited by malicious, authenticated users to gain knowledge of sensitive information or bypass certain security restrictions; the third can be exploited by unauthenticated remote attackers to gain knowledge of various system information.
1) Input passed to the "UIDL" parameter of the webmail "viewheaders" script is not properly sanitised before it is used to open a file under the mailbox folder. This can be exploited to disclose the contents of arbitrary files on the system via directory traversal attacks.
Example:
http://[host]/viewheaders?Folder=inbox&UIDL=../../../../../../[file]%00/
The "%00" in the example is a URL-encoded NUL byte: a native file API stops reading the name at that point, so any suffix the server appends after the supplied UIDL is ignored and the traversed-to file is opened instead.
Successful exploitation requires a valid user account and access to the webmail functionality.
2) The IMAP service does not properly sanitise the mailbox names passed to the "RENAME" command. Because mailbox names are mapped onto directories on disk, this can be exploited to move folders to arbitrary directories on the system.
Successful exploitation requires a valid user account and access to the IMAP service.
3) The POP3 service supports a non-standard "_DUMP" command, which can be issued before authentication and dumps various information about the system, the mail server's registration information, and the mail server's configuration.
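Items 1 and 2 above are the same bug in two protocols: a client-supplied name (a UIDL, an IMAP mailbox name) is joined onto a directory path without being checked against the account's mailbox root. The following is an added example, not code from the advisory or from ArGoSoft: it shows the unchecked join the advisory describes next to a containment check that rejects NUL bytes, path separators and dot-directories and then verifies that the canonicalised path still lies under the root. The mailbox root, the on-disk layout, the IMAP hierarchy delimiter and the sample URL target are all assumptions made for the example.

```python
import os
from urllib.parse import parse_qs, urlsplit


class UnsafeName(ValueError):
    """Raised when a client-supplied name would escape the mailbox root."""


def vulnerable_item_path(mailbox_root, folder, uidl):
    """The pattern the advisory describes: the parameter is joined onto the
    folder path with no check, so ".." segments walk out of the mailbox.
    normpath() shows where the open() would actually land."""
    return os.path.normpath(os.path.join(mailbox_root, folder, uidl))


def safe_mailbox_path(mailbox_root, *parts):
    """Resolve parts under mailbox_root, refusing anything that could escape.

    Checks, in order: no NUL byte (a native file API would truncate there),
    no path separator or dot-directory inside a single component, and the
    canonicalised result must still lie inside the canonicalised root."""
    root = os.path.realpath(mailbox_root)
    for part in parts:
        if "\x00" in part:
            raise UnsafeName("NUL byte in name")
        if part in ("", ".", "..") or "/" in part or "\\" in part:
            raise UnsafeName("separator or dot-directory in name: %r" % part)
    candidate = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeName("resolved outside mailbox root: %r" % candidate)
    return candidate


def is_safe_mailbox_path(mailbox_root, *parts):
    """Boolean wrapper around safe_mailbox_path()."""
    try:
        safe_mailbox_path(mailbox_root, *parts)
        return True
    except UnsafeName:
        return False


def folder_and_uidl_from_url(url):
    """Pull Folder and UIDL out of a viewheaders URL the way the webmail
    would see them (percent-decoded, so %00 becomes a real NUL byte)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("Folder", [""])[0], qs.get("UIDL", [""])[0]


def imap_rename_target(mailbox_root, mailbox_name, delimiter="."):
    """Map an IMAP mailbox name (item 2, RENAME) onto a directory under the
    account's mailbox root. The "." hierarchy delimiter is an assumption;
    the advisory does not say which delimiter ArGoSoft uses."""
    return safe_mailbox_path(mailbox_root, *mailbox_name.split(delimiter))


def is_safe_rename_target(mailbox_root, mailbox_name, delimiter="."):
    """Boolean wrapper around imap_rename_target()."""
    try:
        imap_rename_target(mailbox_root, mailbox_name, delimiter)
        return True
    except UnsafeName:
        return False


if __name__ == "__main__":
    root = "/srv/mail/alice"  # constructed example root, not ArGoSoft's layout
    print(vulnerable_item_path(root, "inbox", "../../../../../../etc/passwd"))
    folder, uidl = folder_and_uidl_from_url(
        "http://mail.example.test/viewheaders?Folder=inbox"
        "&UIDL=../../../../../../etc/passwd%00/")
    print(is_safe_mailbox_path(root, folder, uidl))         # False: NUL byte
    print(is_safe_mailbox_path(root, "inbox", "1234.msg"))  # True
    print(imap_rename_target(root, "Projects.2006"))
    print(is_safe_rename_target(root, "../../tmp"))         # False
```

The check is applied to each component before the join, so a NUL byte is refused before it ever reaches realpath() (which would otherwise raise on an embedded NUL rather than truncate, hiding the problem); the final commonpath() comparison catches anything a symlink inside the mailbox could still resolve to.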
The vulnerabilities have been confirmed in version 1.8.8.5. Prior versions may also be affected.
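For item 3, the pre-authentication "_DUMP" command, the practical detection is protocol-state aware: RFC 1939 allows only USER, PASS, APOP and QUIT in the AUTHORIZATION state (CAPA, STLS and AUTH are added by RFCs 2449, 2595 and 1734), so any other command seen before a successful login is worth flagging. The following is an added example, not code from the advisory or the vendor: it walks a "C:"/"S:" session transcript, tracks whether login has succeeded, and reports non-standard pre-auth commands. The two transcripts are constructed for the example; the reply to _DUMP is shown only as a generic "+OK" multi-line response because the advisory does not reproduce its contents.

```python
# Commands a client may send in the AUTHORIZATION state:
# RFC 1939 (USER, PASS, APOP, QUIT), RFC 2449 (CAPA), RFC 2595 (STLS),
# RFC 1734 (AUTH).
PREAUTH_ALLOWED = frozenset({"USER", "PASS", "APOP", "QUIT", "CAPA", "STLS", "AUTH"})
# Commands whose "+OK" reply moves the session into the TRANSACTION state.
LOGIN_COMMANDS = frozenset({"PASS", "APOP", "AUTH"})


def flag_preauth_commands(transcript):
    """Walk a "C: ..." / "S: ..." transcript and return [(line_no, command)]
    for every client command sent before a successful login that is not
    permitted in the AUTHORIZATION state.

    Authentication counts as complete only when PASS, APOP or AUTH is
    answered with "+OK"; a "-ERR" leaves the session unauthenticated, so a
    client that keeps issuing commands after a failed login is still flagged."""
    authenticated = False
    pending = None             # client command awaiting the server's status line
    in_sasl_exchange = False   # after a "+ " challenge the next client line is data
    flagged = []
    for line_no, raw in enumerate(transcript, 1):
        line = raw.rstrip("\r\n")
        if line.startswith("C: "):
            if in_sasl_exchange:
                in_sasl_exchange = False   # SASL response, not a command
                continue
            command = line[3:].split(" ", 1)[0].upper()
            pending = command
            if not authenticated and command not in PREAUTH_ALLOWED:
                flagged.append((line_no, command))
        elif line.startswith("S: "):
            reply = line[3:]
            if reply.startswith("+ "):
                in_sasl_exchange = True    # SASL challenge; AUTH still pending
                continue
            if pending in LOGIN_COMMANDS and reply.startswith("+OK"):
                authenticated = True
            if reply.startswith(("+OK", "-ERR")):
                pending = None             # multi-line data and "." are ignored
    return flagged


# Constructed transcript: a pre-auth _DUMP, a failed login followed by LIST,
# then a successful login and normal TRANSACTION-state commands.
SAMPLE_SESSION = [
    "S: +OK POP3 server ready",
    "C: _DUMP",
    "S: +OK",
    "S: .",
    "C: USER bob",
    "S: +OK",
    "C: PASS wrong",
    "S: -ERR invalid password",
    "C: LIST",
    "S: -ERR not authenticated",
    "C: USER alice",
    "S: +OK",
    "C: PASS correct-horse",
    "S: +OK logged in",
    "C: STAT",
    "S: +OK 2 3400",
    "C: QUIT",
    "S: +OK bye",
]

# Constructed SASL login: the base64 line after "+ " must not be read as a command.
SASL_SESSION = [
    "S: +OK POP3 server ready",
    "C: AUTH PLAIN",
    "S: + ",
    "C: AGFsaWNlAHNlY3JldA==",
    "S: +OK",
    "C: STAT",
    "S: +OK 0 0",
]

if __name__ == "__main__":
    print(flag_preauth_commands(SAMPLE_SESSION))  # [(2, '_DUMP'), (9, 'LIST')]
    print(flag_preauth_commands(SASL_SESSION))    # []
```

The same state machine is what the server side should enforce: a diagnostic command is harmless only if the dispatcher refuses it until the session has reached the TRANSACTION state, and ideally only for an administrative account.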
Solution: Update to version 1.8.8.6 or later.
Provided and/or discovered by: NSA Group
Changelog:
2006-02-27: Updated "Solution" section.
2006-03-02: Added CVE references.
Original Advisory: http://www.nsag.ru/vuln/877.html
http://www.nsag.ru/vuln/878.html
http://www.nsag.ru/vuln/879.html