SqWebMail.txt

2005-08-31T00:00:00
ID PACKETSTORM:39702
Type packetstorm
Reporter Jakob Balle
Modified 2005-08-31T00:00:00

Description

                                        
                                            `======================================================================   
  
Secunia Research 29/08/2005  
  
- SqWebMail HTML Emails Script Insertion Vulnerability -  
  
======================================================================   
Table of Contents  
  
Affected Software....................................................1  
Severity.............................................................2  
Description of Vulnerability.........................................3  
Solution.............................................................4  
Time Table...........................................................5  
Credits..............................................................6  
References...........................................................7  
About Secunia........................................................8  
Verification.........................................................9  
  
======================================================================   
1) Affected Software   
  
SqWebMail 5.0.4  
  
Other versions may also be affected.  
  
======================================================================   
2) Severity   
  
Rating: Moderately Critical  
Impact: Script Insertion  
Where: From Remote  
  
======================================================================   
3) Description of Vulnerability  
  
Secunia Research has discovered a vulnerability in SqWebMail, which  
can be exploited by malicious people to conduct script insertion  
attacks.  
  
The vulnerability is caused due to SqWebMail failing to properly  
sanitise HTML emails. This can be exploited to include arbitrary  
script code in HTML emails, which will be executed in context of the  
SqWebMail server, as soon as the user views a received email.  
  
Example:  
<img src="cid:>" onError="alert(document.domain);">  
  
Successful exploitation allows execution of arbitrary script code  
and makes it possible for a malicious person to perform the same  
actions as the user of the webmail account (e.g. sending or viewing  
emails).  
  
======================================================================   
4) Solution   
  
The vendor has issued an updated version of SqWebMail, which fixes  
this vulnerability.  
  
http://www.courier-mta.org/?download.php  
  
======================================================================   
5) Time Table   
  
26/08/2005 - Initial vendor notification.  
26/08/2005 - Vendor confirms vulnerability and releases a fix.  
29/08/2005 - Public disclosure.  
  
======================================================================   
6) Credits   
  
Discovered by Jakob Balle, Secunia Research.  
  
======================================================================   
7) References  
  
No references available.  
  
======================================================================   
8) About Secunia   
  
Secunia collects, validates, assesses, and writes advisories regarding   
all the latest software vulnerabilities disclosed to the public. These   
advisories are gathered in a publicly available database at the   
Secunia website:   
  
http://secunia.com/  
  
Secunia offers services to our customers enabling them to receive all   
relevant vulnerability information to their specific system   
configuration.   
  
Secunia offers a FREE mailing list called Secunia Security Advisories:   
  
http://secunia.com/secunia_security_advisories/  
  
======================================================================   
9) Verification   
  
Please verify this advisory by visiting the Secunia website:  
http://secunia.com/secunia_research/2005-39/advisory/  
  
Complete list of vulnerability reports published by Secunia Research:  
http://secunia.com/secunia_research/  
  
======================================================================  
  
  
`