| VID |
22315 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the ArGoSoft Mail Server is affected by multiple directory traversal vulnerabilities. ArGoSoft Mail Server is a fully functional SMTP/POP3/Finger server with a built-in HTTP server for Microsoft Windows platforms. ArGoSoft Mail Server versions prior to 1.8.7.4 could allow a remote authenticated attacker to traverse directories on the system and upload arbitrary files:
1) An input validation error in the attachment handling can be exploited to create or overwrite arbitrary files via directory traversal attacks.
2) The "_msgatt.rec" file, which holds information about uploaded files, can be overwritten by an uploaded attachment. This can be exploited to include arbitrary files as attachments in a mail via directory traversal attacks.
3) Input passed to the "Folder" parameter in "msg", "delete", "folderdelete" and "folderadd" isn't properly sanitized before being used. This can be exploited to access or delete mails for other currently logged on users, and create or delete arbitrary directories via directory traversal attacks.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
  http://www.security.org.sg/vuln/argosoftmail1873.html
  http://secunia.com/advisories/14161/
  http://archives.neohapsis.com/archives/bugtraq/2005-02/0053.html
* Platforms Affected:
  ArGoSoft Mail Server prior to 1.8.7.4
  Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of ArGoSoft Mail Server (1.8.7.4 or later), available from the ArGoSoft Mail Server download web site at http://download.cnet.com/ArGoSoft-Mail-Server-Freeware/3000-2369_4-10038331.html |
| Related URL |
CVE-2005-1282,CVE-2005-1284 (CVE) |
| Related URL |
13323,13326 (SecurityFocus) |
| Related URL |
20225,20228 (ISS) |
|