Dbmail IMAP Service SQL Injection

2003-10-15T04:28:53
ID OSVDB:2666
Type osvdb
Reporter OSVDB
Modified 2003-10-15T04:28:53

Description

Vulnerability Description

A flaw in dbmail versions prior to 1.2 allows a malicious user to execute a SQL injection attack. The flaw is due to improper verification of user-supplied input and can allow an attacker to bypass authentication or gain access to sensitive information.

Technical Description

The problem lies in the validation of parameters such as the username and password.

Solution Description

Upgrade to version 1.2 or greater of dbmail.

References:

Secunia Advisory ID: 10001
ISS X-Force ID: 13416
Generic Informational URL: http://www.dbmail.org/
Bugtraq ID: 8829