Winmail Server upload.php Traversal Arbitrary File Upload

2005-01-27T04:53:54
ID OSVDB:13245
Type osvdb
Reporter Tan Chew Keong(chewkeong@security.org.sg)
Modified 2005-01-27T04:53:54

Description

Vulnerability Description

Winmail Server contains a flaw that allows a remote attacker to upload arbitrary files. The issue is due to the 'upload.php' script not properly sanitizing user input, specifically traversal style attacks (../../). It is possible for a remote attacker to upload arbitrary PHP scripts which would be executed with LOCAL SYSTEM privileges, resulting in a loss of integrity.

Solution Description

Upgrade to version 4.0 (Build 1318) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Winmail Server contains a flaw that allows a remote attacker to upload arbitrary files. The issue is due to the 'upload.php' script not properly sanitizing user input, specifically traversal style attacks (../../). It is possible for a remote attacker to upload arbitrary PHP scripts which would be executed with LOCAL SYSTEM privileges, resulting in a loss of integrity.

References:

Security Tracker: 1013017 Secunia Advisory ID:14053 Related OSVDB ID: 13248 Related OSVDB ID: 13244 Related OSVDB ID: 13247 Related OSVDB ID: 13246 Other Advisory URL: http://www.security.org.sg/vuln/magicwinmail40.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0306.html CVE-2005-0313 Bugtraq ID: 12388