1st Class Mail Server Arbitrary File Access

2004-04-08T00:00:00
ID OSVDB:5011
Type osvdb
Reporter Dr_insane (dr_insane@pathfinder.gr)
Modified 2004-04-08T00:00:00

Description

Vulnerability Description

1st Class Internet Solutions 1st Class Mail Server contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically directory traversal sequences (../../).

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.1cis.com
Security Tracker: 1009705
Secunia Advisory ID: 11330
Related OSVDB ID: 5012
Other Advisory URL: http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt
Keyword: Directory Traversal
ISS X-Force ID: 15812
CVE-2004-2446
Bugtraq ID: 10089