| VID |
22407 |
| Severity |
40 |
| Port |
4096,32000 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The VisNetic or Merak Mail Server is vulnerable to multiple vulnerabilities which exist in versions prior to 8.3.5. IceWarp Web Mail is a multi-featured Web mail server for Microsoft Windows platforms. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Web Mail into their suites. Merak Mail Server 8.3.0.r and VisNetic MailServer 8.3.0 build 1 and possibly earlier versions are vulnerable to multiple vulnerabilities. An attacker could exploit these vulnerabilities to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the Web server process.
* References:
http://secunia.com/secunia_research/2005-62/advisory/
http://www.deerfield.com/download/visnetic-mailserver/
http://www.frsirt.com/english/advisories/2005/1933
http://secunia.com/secunia_research/2005-62/advisory/
http://secunia.com/advisories/17865/
http://securitytracker.com/alerts/2005/Dec/1015412.html
* Platforms Affected:
Deerfield, VisNetic Mail Server 8.3.0 build 1 and earlier versions
Merak Mail Server, Inc, Merak Mail Server 8.3.0.r and earlier versions
Microsoft Windows Any version |
| Recommendation |
For Merak Mail Server:
Upgrade to the latest version of Merak Mail Server (8.3.5.r or later), available from the Merak Mail Server Web site at http://www.merakmailserver.com/Products/Merak_Mail_Server/
For VisNetic Mail Server:
Upgrade to the latest version of VisNetic Mail Server (8.3.5 or later), available from the VisNetic Mail Server Download Web site at http://www.deerfield.net/products/visnetic-mailserver/vmstoiw.htm/ |
| Related URL |
CVE-2005-4556,CVE-2005-4557,CVE-2005-4558,CVE-2005-4559 (CVE) |
| Related URL |
16069 (SecurityFocus) |
| Related URL |
22722,23897 (ISS) |
|
