ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
BID:12502
Info
ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
| Bugtraq ID: | 12502 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2005 12:00AM |
| Updated: | Feb 09 2005 12:00AM |
| Credit: | Discovery is credited to Tan Chew Keong. |
| Vulnerable: |
ArGoSoft Mail Server Pro 1.8.7 .6 ArGoSoft Mail Server Pro 1.8.7 .4 ArGoSoft Mail Server Pro 1.8.7 .3 ArGoSoft Mail Server Plus 1.8.7 .4 ArGoSoft Mail Server Plus 1.8.7 .3 ArGoSoft Mail Server 1.8.7 .4 ArGoSoft Mail Server 1.8.7 .3 |
| Not Vulnerable: | |
Discussion
ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
ArGoSoft Mail Server is reported prone to multiple directory traversal vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to view, replace and delete arbitrary files, folders, and users' email on a vulnerable computer running the server.
ArGoSoft Mail Server 1.8.7.3 is reported vulnerable to these issues. It is possible that prior versions are affected as well.
New information suggests these issues still affect ArGoSoft Mail Server Pro version 1.8.7.6.
ArGoSoft Mail Server is reported prone to multiple directory traversal vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to view, replace and delete arbitrary files, folders, and users' email on a vulnerable computer running the server.
ArGoSoft Mail Server 1.8.7.3 is reported vulnerable to these issues. It is possible that prior versions are affected as well.
New information suggests these issues still affect ArGoSoft Mail Server Pro version 1.8.7.6.
Exploit / POC
ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
An exploit is not required to leverage these issues.
An exploit is not required to leverage these issues.
Solution / Fix
ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
Solution:
The vendor has released ArGoSoft Mail Server 1.8.7.4 to address these issues.
New information is available that states that the more recent release of ArGoSoft Mail Server, version 1.8.7.6, is also vulnerable to these issues. It is not known at this time if these issues were incorrectly addressed in version 1.8.7.4, or older scripts were used in the newer release. It is conjectured that the 1.8.7.4 versions are also vulnerable to these issues.
Solution:
The vendor has released ArGoSoft Mail Server 1.8.7.4 to address these issues.
New information is available that states that the more recent release of ArGoSoft Mail Server, version 1.8.7.6, is also vulnerable to these issues. It is not known at this time if these issues were incorrectly addressed in version 1.8.7.4, or older scripts were used in the newer release. It is conjectured that the 1.8.7.4 versions are also vulnerable to these issues.
References
ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
References:
References: