E-Post Multiple Product IMAP LIST Command Traversal Arbitrary Directory Listing

2006-01-25T04:48:14
ID OSVDB:22764
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2006-01-25T04:48:14

Description

Vulnerability Description

E-Post contains a flaw that allows a remote attacker to list arbitrary directories on the server outside of the mail directory. The issue is due to the IMAP service not properly sanitizing user input, specifically directory traversal sequences (../../) supplied in the arguments to the LIST command.

Technical Description

It is possible to cause the service to crash by listing certain directories.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.
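
The check whose absence the description identifies, sketched as an added example; it is not E-Post's code or the vendor's patch. The one-directory-per-mailbox layout, the '/' delimiter, and the names safe_list_dir and MailboxPathError are assumptions made for illustration.

```python
import os


class MailboxPathError(ValueError):
    """A LIST argument would leave the user's mail directory."""


def safe_list_dir(mail_root, reference, mailbox):
    """Return the directory a LIST request may enumerate, inside mail_root.

    Assumed layout: one directory per mailbox, '/' as hierarchy delimiter.
    Matching the '*' and '%' wildcards against entries is left to the caller.
    """
    name = reference + mailbox
    # Characters that let a name address something other than a mailbox:
    # NUL, the Windows separator, and the drive-letter colon.
    if any(c in name for c in ("\x00", "\\", ":")):
        raise MailboxPathError("illegal character in mailbox name")
    if name.startswith("/"):
        raise MailboxPathError("absolute mailbox name")
    parts = [p for p in name.split("/") if p]
    # Reject dot segments everywhere, including after a wildcard.
    if any(p in (".", "..") for p in parts):
        raise MailboxPathError("dot segment in mailbox name")
    # Enumeration starts at the components before the first wildcard.
    base = []
    for p in parts:
        if "*" in p or "%" in p:
            break
        base.append(p)
    root = os.path.realpath(mail_root)
    target = os.path.realpath(os.path.join(root, *base))
    # Independent containment check on the resolved path, so a symlink
    # inside the mail directory cannot redirect the listing elsewhere.
    if os.path.commonpath([root, target]) != root:
        raise MailboxPathError("resolved path escapes mail root")
    return target
```

Validating the name and then re-checking the resolved path are deliberately separate steps: the first rejects malformed requests early, the second holds even if the name filter misses a platform-specific encoding.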

References:

Vendor URL: http://www.e-postinc.jp/
Secunia Advisory ID: 18480
Related OSVDB ID: 22762
Related OSVDB ID: 22763
Related OSVDB ID: 22761
Related OSVDB ID: 22765
Related OSVDB ID: 22766
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
ISS X-Force ID: 24335
FrSIRT Advisory: ADV-2006-0318
CVE-2006-0448
Bugtraq ID: 16379