Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
BID:1144
Info
Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
| Bugtraq ID: | 1144 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 21 2000 12:00AM |
| Updated: | Apr 21 2000 12:00AM |
| Credit: | Discovered by Leonid Medevedv <[email protected]> and posted to NTBugtraq on April 21, 2000. |
| Vulnerable: |
Atrium Software Mercur Mail Server 3.2 |
| Not Vulnerable: | |
Discussion
Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
Any email message in a known mailbox of a known user can be read by remote users through directory traversing in Atrium Mercur Mail Server 3.2. This is accomplished by logging onto the Mail Server and executing IMAP commands accompanied by paths such as /../../directory.
Any email message in a known mailbox of a known user can be read by remote users through directory traversing in Atrium Mercur Mail Server 3.2. This is accomplished by logging onto the Mail Server and executing IMAP commands accompanied by paths such as /../../directory.
Exploit / POC
Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
see discussion
see discussion
Solution / Fix
Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability
References:
References:
- Atrium Software Mercur Mail Server Homepage (Atrium Software)