BID:13141

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

Info

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

Bugtraq ID:	13141
Class:	Input Validation Error
CVE:	CVE-2005-1105
Remote:	Yes
Local:	No
Published:	Apr 12 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovery is credited to Rafael San Miguel Carrasco.
Vulnerable:	Sun JavaMail 1.3.2

Not Vulnerable:

Discussion

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet.

This issue was reported to affect JavaMail 1.3.2, however, earlier versions may also be vulnerable.

Exploit / POC

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

An exploit is not required.

The following example was provided:

Content-Disposition: ../../../file.ext

Solution / Fix

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vulnerability

References:

JavaMail allows directory traversal in attachments (Rafael San Miguel Carrasco )