|
|
>> Eserv IMAP Directory Traversal and HTTP Source Code Disclosure Vulnerabilities
|
Title : Eserv IMAP Directory Traversal and HTTP Source Code Disclosure Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-2066
CVE ID : CVE-2006-2308 - CVE-2006-2309
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-31
|
Multiple vulnerabilities have been identified in Eserv, which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information.
The first issue is due to directory traversal errors in the IMAP service that does not validate user-supplied arguments passed to the "CREATE", "SELECT", "DELETE", "RENAME", "COPY" and "APPEND" commands, which could be exploited by authenticated users to manipulate arbitrary files and directories.
The second flaw is due to an input validation error when handling a specially crafted filename extension containing dot, space and slash characters, which could be exploited by remote attackers to display the source code of arbitrary files (e.g. PHP) instead of an expected HTML response.
Affected Products
Eserv version 3.25 and prior
Solution
Upgrade to Eserv version 3.26 :
http://www.eserv.ru/download/EservEproxy326a-setup.exe
Or apply patch for Eserv version 3.25 :
http://www.eserv.ru/download/Eserv325-fix.zip
References
http://www.vupen.com/english/advisories/2006/2066
http://secunia.com/secunia_research/2006-37/advisory
Credits
Vulnerabilities reported by Tan Chew Keong
ChangeLog
2006-05-31 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
