IceWarp WebMail accountsettings_add.html Arbitrary File Creation

2004-09-10T00:00:00
ID OSVDB:9811
Type osvdb
Reporter ShineShadow(ss_contacts@hotmail.com)
Modified 2004-09-10T00:00:00

Description

Vulnerability Description

IceWarp Web Mail contains a flaw that may allow a remote attacker to create arbitrary files on the system. The issue is due to the accountsettings_add.html script not properly sanitizing user input and allowing custom content to be specified. The server will create a file called "accounts.dat" containing the user-supplied input, which may lead to further privilege escalation.

Solution Description

Upgrade to version 5.2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

IceWarp Web Mail contains a flaw that may allow a remote attacker to create arbitrary files on the system. The issue is due to the accountsettings_add.html script not properly sanitizing user input and allowing custom content to be specified. The server will create a file called "accounts.dat" containing the user-supplied input, which may lead to further privilege escalation.

Manual Testing Notes

http://[victim]:32000/mail/accountsettings_add.html?id=[sessionid]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[any text with special characters]
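The advisory attributes the flaw to missing sanitization of the accountid parameter and gives the request shape above. The following is an added defender-side example, not code from the OSVDB record or from IceWarp: it implements the allow-list validation the script lacked and runs a detection over web-server access-log lines, flagging save requests to accountsettings_add.html whose accountid contains characters outside that allow-list. The log lines, client addresses, session id and the accepted character set are constructed assumptions for the demo.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate account id only ever needs letters, digits,
# underscore, dot and hyphen (1..64 characters). Anything else is rejected.
SAFE_ACCOUNTID = re.compile(r"[A-Za-z0-9_.-]{1,64}")

# Script path named in the advisory.
VULNERABLE_SCRIPT = "/mail/accountsettings_add.html"

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample access log (hypothetical hosts, ips and session id).
# Line 2 carries an accountid with "special characters" on a save request;
# line 4 carries one too but without Save_x, so no file write is triggered.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Sep/2004:12:00:01 +0000] "GET /mail/accountsettings_add.html?id=abc123&Save_x=1&account[EMAIL]=alice&account[HOST]=mail.example.org&account[HOSTUSER]=alice&account[HOSTPASS]=x&account[HOSTPASS2]=x&accountid=work HTTP/1.1" 200 512
10.0.0.9 - - [10/Sep/2004:12:00:07 +0000] "GET /mail/accountsettings_add.html?id=abc123&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=evil%3Bid%0Ainjected HTTP/1.1" 200 512
10.0.0.7 - - [10/Sep/2004:12:00:09 +0000] "GET /mail/index.html?id=abc123 HTTP/1.1" 200 128
10.0.0.8 - - [10/Sep/2004:12:00:11 +0000] "GET /mail/accountsettings_add.html?id=abc123&accountid=odd%3Bname HTTP/1.1" 200 512
"""


def is_safe_accountid(value: str) -> bool:
    """Allow-list check. fullmatch is used instead of ^...$ so that a
    trailing newline (which $ would tolerate) is rejected as well."""
    return SAFE_ACCOUNTID.fullmatch(value) is not None


def flag_request(target: str):
    """Return a reason string when the request target is a save request to
    accountsettings_add.html carrying an unsafe accountid, else None."""
    parts = urlsplit(target)
    if parts.path != VULNERABLE_SCRIPT:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # values are URL-decoded here
    if "Save_x" not in params:
        return None  # form merely displayed; the advisory's write happens on save
    for raw in params.get("accountid", []):
        if not is_safe_accountid(raw):
            return f"unsafe accountid {raw!r}"
    return None


def scan_log(text: str):
    """Return a list of (line_number, client_ip, reason) for suspicious lines."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reason = flag_request(m.group("target"))
        if reason:
            client_ip = line.split(" ", 1)[0]
            hits.append((n, client_ip, reason))
    return hits


if __name__ == "__main__":
    for line_no, ip, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip}: {reason}")
```

The same `is_safe_accountid` allow-list is what the server-side fix amounts to: reject the request before anything is written to accounts.dat rather than trying to strip characters after the fact. In the log scan, only the save request with the rejected accountid is reported; a plain view of the form with an odd accountid is left alone to keep noise down.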

References:

Vendor URL: http://www.merakmailserver.com/
Security Tracker: 1012099
Secunia Advisory ID: 12789
Related OSVDB ID: 9814
Related OSVDB ID: 9807
Related OSVDB ID: 9808
Related OSVDB ID: 9810
Related OSVDB ID: 9805
Related OSVDB ID: 9806
Related OSVDB ID: 9809
Related OSVDB ID: 9812
Related OSVDB ID: 9813
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0068.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0087.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0318.html
ISS X-Force ID: 17317
CVE ID: CVE-2004-1673
Bugtraq ID: 11371