Winmail Server download.php Traversal Arbitrary File Access

2005-01-27T04:53:54
ID OSVDB:13244
Type osvdb
Reporter Tan Chew Keong (chewkeong@security.org.sg)
Modified 2005-01-27T04:53:54

Description

Vulnerability Description

Winmail Server contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the 'download.php' script not properly sanitizing user input, specifically directory-traversal sequences (../../) in the requested file name, resulting in a loss of confidentiality.
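As an added illustration (not Winmail's code, which this record does not reproduce), the flawed join pattern behind this class of bug beside a path-confinement check a download handler needs; the attachment root is an assumed placeholder:

```python
import os
from urllib.parse import unquote

# Constructed base directory for illustration; not Winmail's real layout.
ATTACHMENT_ROOT = "/srv/winmail/attachments"


def naive_download_path(base_dir, requested):
    """Pattern behind the flaw class: the user-supplied name is joined
    straight onto the base directory, so '../../' walks out of it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_download_path(base_dir, requested):
    """Return an absolute path confined to base_dir, or None if the request
    would leave it (traversal, percent-encoding tricks, NUL bytes)."""
    # Decode twice so %2e%2e and double-encoded %252e%252e both become '..'
    decoded = unquote(unquote(requested))
    # Treat Windows separators as separators too (Winmail Server is a Windows product)
    decoded = decoded.replace("\\", "/")
    # An embedded NUL can truncate the name in C-backed file APIs
    if "\x00" in decoded:
        return None
    base = os.path.abspath(base_dir)
    # Strip leading slashes so an absolute request cannot replace the base
    candidate = os.path.abspath(os.path.join(base, decoded.lstrip("/")))
    # abspath collapses '..' lexically; the result must still sit under base
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for name in ("inbox/report.pdf", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(name, "->", safe_download_path(ATTACHMENT_ROOT, name))
```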

Solution Description

Upgrade to version 4.0 (Build 1318) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Security Tracker: 1013017
Secunia Advisory ID: 14053
Related OSVDB ID: 13248
Related OSVDB ID: 13247
Related OSVDB ID: 13245
Related OSVDB ID: 13246
Other Advisory URL: http://www.security.org.sg/vuln/magicwinmail40.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0306.html
CVE ID: CVE-2005-0313
Bugtraq ID: 12388