IceWarp WebMail Arbitrary Unauthenticated File/Directory Moving

2004-08-10T08:44:35
ID OSVDB:8535
Type osvdb
Reporter OSVDB
Modified 2004-08-10T08:44:35

Description

Vulnerability Description

Web Mail contains a flaw related to access rights that may allow an attacker to move any file or directory on a victim system. This can be performed with guest access. No further details have been provided.

Solution Description

Upgrade to version 5.2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Web Mail contains a flaw related to access rights that may allow an attacker to move any file or directory on a victim system. This can be performed with guest access. No further details have been provided.

References:

Vendor URL: http://www.icewarp.com/Products/IceWarp_Web_Mail/ Vendor URL: http://www.icewarp.com/ Vendor Specific Advisory URL Secunia Advisory ID:12269 Related OSVDB ID: 8527 Related OSVDB ID: 8533 Related OSVDB ID: 8536 Related OSVDB ID: 8537 Related OSVDB ID: 8529 Related OSVDB ID: 8531 Related OSVDB ID: 8532 Related OSVDB ID: 8534 Related OSVDB ID: 8528 Related OSVDB ID: 8538 Related OSVDB ID: 8539 Related OSVDB ID: 8530