Marshal MailMarshal UNARJ Extraction Remote Directory Traversal Vulnerability
BID:20999
Info
| Bugtraq ID: | 20999 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5487 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 10 2006 12:00AM |
| Updated: | Nov 14 2006 08:06PM |
| Credit: | This vulnerability was discovered by an anonymous researcher. |
| Vulnerable: | Marshal MailMarshal SMTP 6.0; Marshal MailMarshal SMTP 5.0; Marshal MailMarshal SMTP 2006; Marshal MailMarshal for Exchange 5.0 |
| Not Vulnerable: | Marshal MailMarshal SMTP 6.1.9 |
Discussion
Marshal MailMarshal is affected by a remote directory-traversal vulnerability because the application fails to properly sanitize or validate filenames prior to decompression.
Exploiting this issue may allow an attacker to arbitrarily overwrite files with a user's privileges when a malicious compressed file is decompressed with the affected application.
MailMarshal SMTP 5.x, MailMarshal SMTP 6.x, MailMarshal SMTP 2006, and MailMarshal for Exchange 5.x are vulnerable; other versions may also be affected.
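The filename validation that the discussion says is missing can be sketched as follows. This is an added example, not MailMarshal's or the vendor's code; the function names, the `/srv/unpack` extraction root and the sample member names are constructed for illustration.

```python
import posixpath


class UnsafeArchivePath(ValueError):
    """An archive member name that would land outside the extraction root."""


def resolve_member(dest_root: str, member_name: str) -> str:
    """Map an archive member name to a path under dest_root, or raise."""
    # Archive tools from the DOS/Windows world store '\\' separators, but a
    # name using '/' must get the same treatment, so normalise first.
    name = member_name.replace("\\", "/")
    if not name or "\x00" in name:
        raise UnsafeArchivePath("empty name or embedded NUL")
    # A leading separator covers absolute and UNC paths; ':' covers drive
    # letters (C:...) and NTFS alternate data streams.
    if name.startswith("/") or ":" in name:
        raise UnsafeArchivePath(f"absolute or drive-qualified: {member_name!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeArchivePath(f"parent-directory component: {member_name!r}")
    root = posixpath.normpath(dest_root.replace("\\", "/"))
    target = posixpath.normpath(posixpath.join(root, *parts))
    # Containment check on the final path, kept as a second line of defence.
    if posixpath.commonpath([root, target]) != root:
        raise UnsafeArchivePath(f"escapes extraction root: {member_name!r}")
    return target


def classify(dest_root, member_names):
    """Split member names into (accepted {name: path}, rejected [names])."""
    accepted, rejected = {}, []
    for n in member_names:
        try:
            accepted[n] = resolve_member(dest_root, n)
        except UnsafeArchivePath:
            rejected.append(n)
    return accepted, rejected


# Constructed member names, as an extractor might read them from headers.
SAMPLE = ["report.doc", "docs\\readme.txt", "..\\..\\outside.txt",
          "docs/../../outside.txt", "C:\\outside.txt",
          "\\\\host\\share\\x.txt", "/abs.txt"]

if __name__ == "__main__":
    ok, bad = classify("/srv/unpack", SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

A mail gateway that unpacks attachments for scanning would run this check on every member name before creating any file, and treat a rejected name as grounds to quarantine the message.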
Exploit / POC
To exploit this issue, an attacker must entice a victim user to open a malformed archive file. The attacker may use readily available archiving utilities to create the archive file.
Solution / Fix
Solution:
The vendor has released MailMarshal SMTP 2006 version 6.1.8 to address this issue; please contact the vendor to obtain the appropriate fixes.