Info

Disclosure

Jan 27, 2005

Discovery

Jan 15, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Winmail Server contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the 'download.php' script not properly sanitizing user input, specifically traversal style attacks (../../) resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 4.0 (Build 1318) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

AMAX Information Technologies Inc.

Winmail Server

4.0 (Build 1112)

References

Bugtraq ID: 12388
Related OSVDB ID: 13245 13246 13247 13248
Other Advisory URL: http://www.security.org.sg/vuln/magicwinmail40.html
Secunia Advisory ID: 14053
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0306.html
CVE ID: 2005-0313 (see also: NVD)
Security Tracker: 1013017

Credit

Tan Chew Keong - vulnsecunia.com - Secunia Research

Direct URL: http://osvdb.org/36218