Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
BID:12421
Info
Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
| Bugtraq ID: | 12421 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2005 12:00AM |
| Updated: | Feb 02 2005 12:00AM |
| Credit: | Tan Chew Keong is credited with the disclosure of this issue. |
| Vulnerable: |
Ventia DeskNow Mail and Collaboration Server 2.5.13 Ventia DeskNow Mail and Collaboration Server 2.5.12 |
| Not Vulnerable: |
Ventia DeskNow Mail and Collaboration Server 2.5.14 |
Discussion
Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
Multiple remote directory traversal vulnerabilities affect Ventia DeskNow Mail And Collaboration Server. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to write and erase files.
The first issue affects the email attachment file upload functionality. The second issue surrounds the file delete functionality of the document repository feature.
An attacker may leverage this issue to delete and create arbitrary files on an affected computer. This may lead to code execution with the privileges of the affected server process as well as system wide denial of service attacks.
Multiple remote directory traversal vulnerabilities affect Ventia DeskNow Mail And Collaboration Server. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to write and erase files.
The first issue affects the email attachment file upload functionality. The second issue surrounds the file delete functionality of the document repository feature.
An attacker may leverage this issue to delete and create arbitrary files on an affected computer. This may lead to code execution with the privileges of the affected server process as well as system wide denial of service attacks.
Exploit / POC
Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
No exploit is required to leverage either of these issues.
No exploit is required to leverage either of these issues.
Solution / Fix
Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
Solution:
The vendor has released an upgrade dealing with this issue.
Ventia DeskNow Mail and Collaboration Server 2.5.12
Ventia DeskNow Mail and Collaboration Server 2.5.13
Solution:
The vendor has released an upgrade dealing with this issue.
Ventia DeskNow Mail and Collaboration Server 2.5.12
-
Ventia Mail and Collaboration Server 2.5.14
http://www.desknow.com/desknowmc/index.html
Ventia DeskNow Mail and Collaboration Server 2.5.13
-
Ventia Mail and Collaboration Server 2.5.14
http://www.desknow.com/desknowmc/index.html
References
Ventia DeskNow Mail And Collaboration Server Multiple Remote Directory Traversal Vulnerabilities
References:
References: