Info

Disclosure

Jan 27, 2005

Discovery

Jan 15, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Winmail Server contains a flaw that allows a remote attacker to upload arbitrary files. The issue is due to the 'upload.php' script not properly sanitizing user input, specifically traversal style attacks (../../). It is possible for a remote attacker to upload arbitrary PHP scripts which would be executed with LOCAL SYSTEM privileges, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 4.0 (Build 1318) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

AMAX Information Technologies Inc.

Winmail Server

4.0 (Build 1112)

References

Bugtraq ID: 12388
Related OSVDB ID: 13244 13246 13247 13248
Other Advisory URL: http://www.security.org.sg/vuln/magicwinmail40.html
Secunia Advisory ID: 14053
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0306.html
CVE ID: 2005-0313 (see also: NVD)
Security Tracker: 1013017

Credit

Tan Chew Keong - vulnsecunia.com - Secunia Research

Direct URL: http://osvdb.org/36218