MailMarshal Spam Quarantine Interface UserID Variable SQL Truncation Arbitrary Account Modification

2007-07-17T17:22:08
ID OSVDB:38182
Type osvdb
Reporter OSVDB
Modified 2007-07-17T17:22:08

Description

Vulnerability Description

MailMarshal contains a flaw that may allow an attacker to modify arbitrary accounts via the Spam Quarantine interface. The issue is due to the password reset feature in the HTTP interface not properly sanitizing user supplied input. By sending a crafted string in the UserID variable with a large amount of trailing whitespace characters, an attacker can trigger an SQL buffer truncation and modify arbitrary accounts.

Solution Description

Upgrade to version 6.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID:26018 Other Advisory URL: http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0323.html CVE-2007-3796 Bugtraq ID: 24936