Secunia Security Advisory - ShineShadow has reported some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users to detect the presence of local files, manipulate certain data and disclose sensitive information.
----------------------------------------------------------------------
TITLE:
IceWarp Web Mail Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA15249
VERIFY ADVISORY:
http://secunia.com/advisories/15249/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information
WHERE:
From remote
SOFTWARE:
IceWarp Web Mail 5.x
http://secunia.com/product/3775/
Merak Mail Server 8.x
http://secunia.com/product/5054/
DESCRIPTION:
ShineShadow has reported some vulnerabilities in IceWarp Web Mail,
which can be exploited by malicious users to detect the presence of
local files, manipulate certain data and disclose sensitive
information.
1) Input passed to the "folder" parameter in "viewaction.html" isn't
properly verified. This can be exploited to move the user's home
directory to the mail directory.
2) An error in "attachment.html" can be exploited to detect the
presence of local files via the "attachmentpage_text_title" and
"folder" parameters.
3) An error in "importaction.html" can be exploited to move arbitrary
files to a user's home directory via the "importfile" parameter.
This can further be exploited to disclose the content of arbitrary
files by importing the file to the address book or in combination
with vulnerability 1.
It is also possible to disclose the full path to
"calendar_addevent.html", "calendar_event.html" and
"calendar_task.html" by accessing them without some required
parameters.
The vulnerabilities have been reported in Merak Mail Server 8.0.3
with IceWarp Web Mail 5.4.2. Other versions may also be affected.
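As an added example (not part of the Secunia advisory and not IceWarp's code), the following Python scans web-server access-log lines for requests to the three scripts named above whose listed parameters carry path-like values, which is what a defender would look for when hunting for abuse of these issues. The Apache-style log format, the "path-like" heuristic and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script name -> parameters that SA15249 names as insufficiently verified.
WATCHED = {
    "viewaction.html": {"folder"},
    "attachment.html": {"attachmentpage_text_title", "folder"},
    "importaction.html": {"importfile"},
}

def looks_like_path(value: str) -> bool:
    """Assumed heuristic: traversal sequence, absolute path or drive letter."""
    # parse_qs decoded once already; decode again to catch double encoding.
    v = unquote(value)
    return re.search(r"\.\.|^[\\/]|^[A-Za-z]:", v) is not None

def suspicious_params(request_target: str) -> dict:
    """Return {param: decoded value} for watched params with path-like values."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED:
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: value for name in WATCHED[script]
            for value in query.get(name, []) if looks_like_path(value)}

# Apache/CLF-style access log line; group 2 is the request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan(lines):
    """Yield (client_ip, script, hits) for lines with suspicious parameters."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        hits = suspicious_params(target)
        if hits:
            yield ip, urlsplit(target).path.rsplit("/", 1)[-1].lower(), hits

# Constructed sample lines, not real traffic; IPs and paths are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/May/2005:10:01:02 +0000] "GET /mail/viewaction.html?folder=Inbox&id=12 HTTP/1.1" 200 512',
    '10.0.0.9 - - [05/May/2005:10:03:44 +0000] "GET /mail/viewaction.html?folder=..%2F..%2Fsomedir HTTP/1.1" 200 211',
    '10.0.0.9 - - [05/May/2005:10:04:10 +0000] "POST /mail/importaction.html?importfile=..%5Cother%5Cnotes.txt HTTP/1.1" 302 0',
    '10.0.0.7 - - [05/May/2005:10:05:00 +0000] "GET /mail/index.html?folder=..%2F HTTP/1.1" 200 99',
]
```

Tune `looks_like_path` to the folder naming the deployment actually uses; a plain "Inbox/Sub" style subfolder name is deliberately not flagged by the rule above.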
SOLUTION:
Grant only trusted users access to the web mail.
PROVIDED AND/OR DISCOVERED BY:
ShineShadow
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions (Criticality, Where, etc.):
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use
only those supplied by the vendor.
----------------------------------------------------------------------