ArGoSoft Mail Server viewlogs.pl Information Disclosure

2005-02-11T12:12:23
ID OSVDB:13710
Type osvdb
Reporter Dr_insane (dr_insane@pathfinder.gr)
Modified 2005-02-11T12:12:23

Description

Vulnerability Description

ArGoSoft Mail Server contains a flaw that may allow a malicious user to view log information. The issue is triggered when the viewlogs.pl script is called, and it may allow log files to be viewed, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.8.7.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:

Disable "Allow Creation of Accounts from Web" in Tools --> Options --> General.

Restrict access to the "viewlogs.pl" script.

References:

Vendor URL: http://www.argosoft.com/applications/mailserver/
Secunia Advisory ID: 14221
Related OSVDB ID: 13708
Related OSVDB ID: 13709