602LAN SUITE Webmail Traversal Arbitrary File Upload

2005-02-07T23:24:49
ID OSVDB:13590
Type osvdb
Reporter Tan Chew Keong(chewkeong@security.org.sg)
Modified 2005-02-07T23:24:49

Description

Vulnerability Description

602LAN Suite contains a flaw that allows a remote attacker to upload files to arbitrary directories outside of the web path. The issue is due to the software not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'filename' variable when attaching a file to an email. Files uploaded to the cgi-bin directory can be executed remotely by an authenticated user via a URL and will run with the privileges of the web server.
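The defect described above is a missing server-side check on the client-supplied 'filename' field. The following is an added example written for this entry (it is not code from 602LAN Suite or from the advisory author) showing the checks a webmail attachment handler needs: collapse the untrusted value to a single basename, store attachments under a directory that is neither web-served nor executable, and confirm the resolved destination is still inside that directory. The storage path, function names and sample filenames are assumptions chosen for illustration.

```python
"""Attachment filename handling with directory-traversal checks.

Added example, not code from 602LAN Suite or the advisory. It demonstrates
the server-side handling that would have blocked the 'filename' traversal
the advisory describes.
"""
import os
import re

# Hypothetical storage location: outside the web root and outside cgi-bin,
# so even an attacker-chosen name such as evil.cgi is stored as inert data.
UPLOAD_ROOT = "/srv/mail/attachments"

# Exactly one path component: alphanumeric first character, conservative charset.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,254}$")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename cannot be made safe."""


def looks_like_traversal(raw):
    """Detection heuristic: does this 'filename' value try to escape the store?

    Flags any '..' component and absolute paths (leading slash), because a
    naive os.path.join would honour either. Both '/' and '\\' count as
    separators since the product runs on Windows. Use the result to log and
    alert; the sanitiser below still decides what is written to disk.
    """
    norm = raw.replace("\\", "/")
    return ".." in norm.split("/") or norm.startswith("/")


def sanitize_attachment_name(raw):
    """Reduce an untrusted filename to one safe basename.

    Everything up to the last separator is discarded, so
    '../../cgi-bin/evil.cgi' becomes 'evil.cgi'. Some legacy clients send a
    full local path, which is why the value is trimmed rather than rejected.
    """
    if not isinstance(raw, str) or "\x00" in raw:
        raise UnsafeFilename("missing filename or embedded NUL byte")
    name = raw.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if name in ("", ".", ".."):
        raise UnsafeFilename("no usable basename")
    if not _SAFE_NAME.match(name):
        raise UnsafeFilename("filename contains disallowed characters")
    return name


def attachment_destination(raw, root=UPLOAD_ROOT):
    """Return the absolute path the attachment may be written to.

    Defence in depth: even after sanitising, verify the resolved path still
    lies under the upload root before any file is created.
    """
    name = sanitize_attachment_name(raw)
    root_abs = os.path.abspath(root)
    dest = os.path.abspath(os.path.join(root_abs, name))
    if os.path.commonpath([root_abs, dest]) != root_abs:
        raise UnsafeFilename("resolved path escapes the upload root")
    return dest


def save_attachment(raw_name, data, root=UPLOAD_ROOT):
    """Write the attachment at the checked destination and return its path."""
    dest = attachment_destination(raw_name, root)
    # O_EXCL refuses to clobber an existing file of the same name.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    # Constructed sample values as a webmail client might submit them.
    for candidate in ("report.pdf", "../../cgi-bin/evil.cgi", r"..\..\cgi-bin\evil.cgi"):
        flag = "  [traversal attempt]" if looks_like_traversal(candidate) else ""
        print(candidate, "->", attachment_destination(candidate) + flag)
```

The split between a detector and a sanitiser is deliberate: the sanitiser makes the write safe regardless of input, while the detector gives operations a signal worth alerting on, since a '..' in an attachment name is never produced by a normal mail client.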

Solution Description

Upgrade to version 2004.0.05.0207 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor URL: http://www.software602.com/products/ls/
Security Tracker: 1013106
Secunia Advisory ID: 14169
Other Advisory URL: http://www.security.org.sg/vuln/602lansuite1221.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0044.html
ISS X-Force ID: 19258
Generic Informational URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110793103506620&w=2
CVE: CVE-2005-0344
Bugtraq ID: 12495