Info

Disclosure

Aug 30, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

MailMarshal contains a flaw that may allow a remote context-dependant attacker to overwrite arbitrary files on the target system. The issue is due to the server not properly handling TAR archives. With a specially crafted archive, an attacker may be able to trick a user into extracting the files and overwriting arbitrary files on the system. This could be used to install malicious software on the system.

Classification

Attack Type: Input Manipulation

Solution

Products

Unknown or Incomplete

References

Secunia Advisory ID: 26661
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0034.html
Vendor Specific News/Changelog Entry: http://marshal.com/kb/article.aspx?id=11780

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218