Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
BID:1623
Info
Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
| Bugtraq ID: | 1623 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 30 2000 12:00AM |
| Updated: | Aug 30 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Sverre H. Huseby <[email protected]> on Aug 29, 2000. |
| Vulnerable: |
Stalkerlab Mailers 1.1.2 |
| Not Vulnerable: | |
Discussion
Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
SStalkerlab's Mailers 1.1.2 and possibly more recent versions are subject to a design error which could potentially enable a user to access the local files of the web server.
Mailers 1.1.2 contains the program CGImail.exe which uses a template file located on the web server disk to convert the HTML form to email. Due to specific values in the file it is possible for a user to save the web page to disk and modify different variables such as the $To$, $Attach$ and the $File$ variables. This could potentially cause the program to send any file saved on the web server to the user.
SStalkerlab's Mailers 1.1.2 and possibly more recent versions are subject to a design error which could potentially enable a user to access the local files of the web server.
Mailers 1.1.2 contains the program CGImail.exe which uses a template file located on the web server disk to convert the HTML form to email. Due to specific values in the file it is possible for a user to save the web page to disk and modify different variables such as the $To$, $Attach$ and the $File$ variables. This could potentially cause the program to send any file saved on the web server to the user.
Exploit / POC
Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
Currently the SecurityFocus staff are not aware of any exploit for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploit for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Work Around provided by the poster of this vulnerability:
"There is no fail safe manner in which to mitigate the risk posed by this vulnerability. Until the vendor provides a solution you may wish to disable this software. It should be noted in order to achieve this you will need to either rename the binary(ies), change the execution permissions or remove the package entirely as an intruder may still exploit this problem if the package is resident in the server, even if it is not in active use."
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Work Around provided by the poster of this vulnerability:
"There is no fail safe manner in which to mitigate the risk posed by this vulnerability. Until the vendor provides a solution you may wish to disable this software. It should be noted in order to achieve this you will need to either rename the binary(ies), change the execution permissions or remove the package entirely as an intruder may still exploit this problem if the package is resident in the server, even if it is not in active use."
References
Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability
References:
References:
- The Stalkerlab's Mailers V1.20 (Google's cache of Stalkerlab's Mailers Product Page)