ArGoSoft Mail Server msg Script Traversal Arbitrary File Access

2005-04-22T03:25:09
ID OSVDB:15823
Type osvdb
Reporter ShineShadow(ss_contacts@hotmail.com)
Modified 2005-04-22T03:25:09

Description

Vulnerability Description

Argosoft Mail Server Pro contains a flaw that allows a remote attacker to view arbitrary files on the mail server outside of the web path. The issue is due to the msg script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "UIDL" variable. An authenticated attacker can view other users' messages, configuration files, or other text files on the mail server.
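
Added example, not part of this OSVDB record or of ArGoSoft's own code: a hardened resolver that maps a UIDL to a file only inside the authenticated user's mailbox, plus a web-log check that flags msg requests carrying traversal sequences in the UIDL parameter. The mailbox root, the `/msg?UIDL=...` URL shape and the log lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed mailbox root; the advisory does not describe ArGoSoft's on-disk layout.
MAILBOX_ROOT = "/srv/mail/users"  # hypothetical

# A UIDL is an opaque message identifier, so allow-list a conservative token shape
# (no path separators, cannot start with '.').
UIDL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def resolve_message_path(user, uidl):
    """Map (user, UIDL) to a file inside that user's mailbox; None means rejected."""
    if not UIDL_RE.fullmatch(user) or not UIDL_RE.fullmatch(uidl):
        return None
    user_dir = posixpath.join(MAILBOX_ROOT, user)
    candidate = posixpath.normpath(posixpath.join(user_dir, uidl))
    # Second layer: after normalisation the path must still sit under user_dir.
    if posixpath.commonpath([user_dir, candidate]) != user_dir:
        return None
    return candidate


def is_traversal_request(log_line):
    """True if a logged msg request carries '..' components in its UIDL parameter."""
    m = re.search(r'"(?:GET|POST) (\S+)', log_line)
    if not m or not urlsplit(m.group(1)).path.endswith("/msg"):
        return False
    params = {k.lower(): v for k, v in parse_qs(urlsplit(m.group(1)).query).items()}
    for raw in params.get("uidl", []):
        # Decode twice to catch double-encoded sequences, then unify separators.
        value = unquote(unquote(raw)).replace("\\", "/")
        if ".." in value.split("/"):
            return True
    return False


# Constructed sample log lines (not real traffic): one benign, two traversal attempts.
SAMPLE_LOG = [
    '10.0.0.5 - alice [22/Apr/2005:03:25:09] "GET /msg?UIDL=1114138305.17 HTTP/1.1" 200',
    '10.0.0.9 - mallory [22/Apr/2005:03:26:41] "GET /msg?UIDL=..%2F..%2Fbob%2F1114138305.3 HTTP/1.1" 200',
    '10.0.0.9 - mallory [22/Apr/2005:03:27:02] "GET /msg?UIDL=..%5C..%5C..%5Csettings.txt HTTP/1.1" 200',
]


def flagged_requests(lines=SAMPLE_LOG):
    """Return the log entries that should be raised as traversal attempts."""
    return [line for line in lines if is_traversal_request(line)]
```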

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Secunia Advisory ID: 15100
Related OSVDB ID: 15820
Related OSVDB ID: 15821
Related OSVDB ID: 15822
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0361.html
ISS X-Force ID: 20229
CVE-2005-1283