OSVDB ID: 20925

Title: Winmail Server /admin/main.php sid Parameter Traversal Arbitrary File Overwrite

Info

Disclosure

Nov 18, 2005

Discovery

Oct 28, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Winmail Mail Server contains a flaw that allows a remote attacker to overwrite files outside of the web path. The issue is due to the main.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "sid" parameter.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

AMAX Information Technologies Inc.

Winmail Mail Server

4.2 (build 0824)

References

Bugtraq ID: 15493
Secunia Advisory ID: 16665
CVE ID: 2005-3811 (see also: NVD)
Related OSVDB ID: 20926 20927 20928
ISS X-Force ID: 23132
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html
Other Advisory URL: http://secunia.com/secunia_research/2005-58/advisory/
http://securityreason.com/securityalert/195
Vendor URL: http://www.magicwinmail.net/

Credit

Secunia Security Advisories - sec-advsecunia.com - Secunia

Direct URL: http://osvdb.org/20925