argosoft.1.8.txt
Posted Feb 18, 2005
Authored by Dr. Insane | Site secunia.com

The ArGoSoft Mail Server 1.8.x contains three vulnerabilities which allow malicious people to cause a DoS, disclose sensitive information, and create arbitrary directories on a vulnerable system.

tags | advisory, arbitrary, vulnerability
MD5 | ee53807b6f3ad90df057150a1a6af6a9


TITLE:
ArGoSoft Mail Server Three Vulnerabilities

SECUNIA ADVISORY ID:
SA14221

VERIFY ADVISORY:
http://secunia.com/advisories/14221/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of sensitive information, DoS

WHERE:
From remote

SOFTWARE:
ArGoSoft Mail Server 1.8.x
http://secunia.com/product/444/

DESCRIPTION:
Dr_insane has discovered three vulnerabilities in ArGoSoft Mail
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service), disclose sensitive information, and create
arbitrary directories on a vulnerable system.

1) Input passed to the username in "addnewuser" isn't properly
sanitised before being used to create directories. This can be
exploited to create a directory in an arbitrary location via
directory traversal attacks.

2) An error in the handling of long passwords (about 800 bytes) in
"addnewuser" can be exploited to cause a vulnerable service to
consume a large amount of CPU resources.

3) The script "viewlogs.pl" can be accessed without any
authentication. This can be exploited to disclose some potentially
sensitive logging information.

The vulnerabilities have been confirmed in version 1.8.7.4. Other
versions may also be affected.

SOLUTION:
Disable "Allow Creation of Accounts from Web" in Tools --> Options
--> General.

Restrict access to the "viewlogs.pl" script.
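
ADDED EXAMPLE (not part of the Secunia advisory and not ArGoSoft code):
a sketch of the input checks whose absence issues 1 and 2 describe, as
an account-creation handler on Windows could apply them. The mail root
path, the limits and all function names are assumptions made for
illustration.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical layout and limits; the advisory does not document the real ones.
MAIL_ROOT = PureWindowsPath(r"C:\MailServer\_users")
MAX_PASSWORD_BYTES = 128
USERNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]{0,62}[A-Za-z0-9])?")
# Windows device names resolve to devices even with an extension appended.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)
}


class RejectedInput(ValueError):
    """Raised when a sign-up field fails validation."""


def mailbox_dir(username: str, root: PureWindowsPath = MAIL_ROOT) -> PureWindowsPath:
    """Map a username to its mailbox directory, refusing any value that
    could name a location outside `root` (issue 1)."""
    # Allowlist: no separators, no drive letters, no leading or trailing dot.
    if not USERNAME_RE.fullmatch(username):
        raise RejectedInput("invalid username")
    # Dots are allowed inside a name, but never a ".." run or a device name.
    if ".." in username or username.split(".")[0].upper() in RESERVED:
        raise RejectedInput("invalid username")
    candidate = root / username
    # Defence in depth: the result must be a direct child of the mail root.
    if candidate.parent != root:
        raise RejectedInput("username escapes mail root")
    return candidate


def check_password(password: str) -> bytes:
    """Bound the password size before any further processing (issue 2)."""
    raw = password.encode("utf-8")
    if not 1 <= len(raw) <= MAX_PASSWORD_BYTES:
        raise RejectedInput("password length out of range")
    return raw
```

Both checks run before any directory is created or any work is done on
the password, so a rejected request costs only the validation itself.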

PROVIDED AND/OR DISCOVERED BY:
Dr_insane

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
