4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.4%
MailScan is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.900204");
script_version("2024-02-08T14:36:53+0000");
script_tag(name:"last_modification", value:"2024-02-08 14:36:53 +0000 (Thu, 08 Feb 2024)");
script_tag(name:"creation_date", value:"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)");
script_cve_id("CVE-2008-3726");
script_copyright("Copyright (C) 2008 Greenbone AG");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_category(ACT_MIXED_ATTACK);
script_family("Web application abuses");
script_name("MicroWorld MailScan for Mail Servers < 6.4a Multiple Vulnerabilities");
script_dependencies("smb_reg_service_pack.nasl");
script_mandatory_keys("SMB/WindowsVersion");
script_require_ports(139, 445, 10443);
script_xref(name:"URL", value:"http://secunia.com/advisories/31534");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/30700");
script_xref(name:"URL", value:"http://www.oliverkarow.de/research/mailscan.txt");
script_tag(name:"summary", value:"MailScan is prone to multiple vulnerabilities.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- an input validation error within the web administration interface.
- the web administration interface does not properly restrict access
to certain pages. can cause an authentication-bypass vulnerability.
- an input passed via URL to the web administration interface is not
properly sanitized before being returned to the user.");
script_tag(name:"affected", value:"MicroWorld MailScan for Mail Servers 5.6a and prior versions.");
script_tag(name:"solution", value:"Upgrade to MicroWorld MailScan Version 6.4a or later.");
script_tag(name:"impact", value:"Successful Remote exploitation will allow, to gain unauthorized
access to disclose sensitive information, directory traversal attacks,
cross site scripting, execution of arbitrary script code within the
context of the website to steal cookie-based authentication credentials.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_analysis");
exit(0);
}
include("smb_nt.inc");
include("http_func.inc");
include("http_keepalive.inc");
port = 10443;
if( ! get_port_state( port ) ) exit( 0 );
req = http_get(item:"/main.dll", port:port);
res = http_keepalive_send_recv(port:port, data:req);
if("Welcome to MicroWorld's MailScan" >!< res)
exit(0);
if(!safe_checks()) {
url = "/../../../../boot.ini";
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(res =~ "^HTTP/1\.[01] 200" && "[boot loader]" >< res) {
report = http_report_vuln_url(port:port, url:url);
security_message(port:port, data:report);
}
exit(0);
}
if(!get_kb_item("SMB/WindowsVersion"))
exit(0);
mailScanVer = registry_get_sz(key:"SOFTWARE\MicroWorld\C:#PROGRA~1#MAILSCAN" +
"#MAILSCAN.INI\General", item:"Version");
if(!mailScanVer)
exit(0);
if(egrep(pattern:"^([0-4]\..*|5\.[0-5][a-z]?|5\.6a?)$", string:mailScanVer)){
security_message(port:port);
exit(0);
}
exit(99);