| VID |
21307 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Open WebMail program, according to its version number, has arbitrary Directory Creation Vulnerability.
Open WebMail is an open-source Web mail program written in Perl for Unix-based operating systems. The versions 2.30 and earlier of Open WebMail could a remote attacker to create arbitrary directories through web interface, if the option 'use_syshomedir' is set to no or 'create_syshomedir' is set to 'yes'.
* Note: This check solely relied on the version number of the remote Open WebMail to assess this vulnerability, so this might be a false positive. If the version number was obtained from the file 'openwebmail.pl' and you applied the patch that released on April 9, 2004 and later, please ignore this alert.
* References:
http://secunia.com/advisories/11334/
* Platforms Affected:
Open WebMail 2.30(2004-08-04) and earlier
Linux Any version |
| Recommendation |
Upgrade to the latest current version (dated 16-June-2004 or later) of Open WebMail from the Open WebMail Web site at http://openwebmail.org . This issue is fixed in the Open WebMail 2.30 on the 2004-04-09. |
| Related URL |
CVE-2004-2458 (CVE) |
| Related URL |
10087 (SecurityFocus) |
| Related URL |
15822 (ISS) |
|
