lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3b1234b30601200857w62ff12as50c00a842225ec5c@mail.gmail.com>
Date: Fri Jan 20 16:57:29 2006
From: os2a.bto at gmail.com (OS2A BTO)
Subject: RockLiffe MailSite wconsole.dll Denial of
	Service/Script Injection Vulnerability

OS2A

RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability


OS2A ID: OS2A_1004                              Status
                                              01/06/2006 Issue Discovered
                                              01/06/2006 Reported to the vendor
                                              01/19/2006 Patch Released
                                              01/20/2006 Advisory Released

Class: Denial of Service / Script Injection     Severity: CRITICAL


Overview:
Rockliffe's MailSite is a program for providing access to email
accounts on Microsoft Windows operating systems. MailSite HTTP Mail management
agent could allow a remote attacker to cause a denial of service or
execute arbitrary script code.


Description:
1. MailSite HTTP Mail management agent 7.0.3.1 version could allow a remote
 attacker cause a denial of service. A bug in the input validation routine
 in httpma causes the svchost process to consume more CPU cycles thus
 impacting Mailsite HTTP Management agent and ultimately crashing the service.

2. MailSite HTTP Mail management agent 6.x and 5.x could allow a remote
 attacker to inject arbitrary script code. This vulnerability is caused
 due to a design error in the wconsole.dll. This dll file contains html
 code embedded in it which is not properly sanitizing the user-input.

Impact:
 1. Remote attackers can exploit this issue to trigger a denial of service
  condition.
 2. An attacker may leverage this issue to have arbitrary script code
  executed in the browser in the context of the affected site.

Affected Software(s):
MailSite 7.0.3.1 and prior
MailSite 6.1.22 and prior
MailSite 5.x

Affected platform(s):
Windows (Any)

Exploit/Proof of Concept:
 For 7.x series
 http://www.example.com:90/CGI-BIN/WCONSOLE.DLL?Authenticate|cmd
 Any special characters passed to the parameters in the wconsole.dll
 triggers denial of service.

 For 6.x & 5.x series
 http://www.example.com:90/CGI-BIN/WCONSOLE.DLL?%3Cscript%3Ealert(document.cookie)%3C/script%3E

Solutions:
 For 7.x series apply the following patch.
 ftp://ftp.rockliffe.com/MailSite/Latest/Hotfixes/

 For 6.x series apply the following patch
 ftp://ftp.rockliffe.com/MailSite/6.1.22/Hotfixes/

Credits:
Rahul Mohandas of OS2A has been credited with the discovery of this
vulnerability.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ