| VID |
21538 |
| Severity |
40 |
| Port |
8080 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The DeskNow Mail and Collaboration server, according to its version number, has multiple vulnerabilities. Ventia DeskNow Mail and Collaboration server is a full-featured and integrated mail and instant messaging server, that includes the Web Mail feature. DeskNow Mail and Collaboration server versions prior to 2.5.14 are vulnerable to multiple remote directory traversal vulnerabilities, caused by improper filtering of user-supplied input prior to using it to write and erase files.
The first issue affects the email attachment file upload functionality. The second issue surrounds the file delete functionality of the document repository feature. An attacker may exploit these vulnerabilities to delete and create arbitrary files on an affected computer. This may lead to code execution with the privileges of the affected server process as well as system wide denial of service attacks.
* Note: This check solely relied on the version number of the DeskNow Mail and Collaboration server installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-01/0371.html
* Platforms Affected:
Ventia, DeskNow Mail and Collaboration server prior to 2.5.12
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of DeskNow Mail and Collaboration server (2.5.14 or later), available from the DeskNow Web site at http://www.desknow.com/ |
| Related URL |
CVE-2005-0332 (CVE) |
| Related URL |
12421 (SecurityFocus) |
| Related URL |
19206 (ISS) |
|
