RockLiffe-wconsole.txt

RockLiffe-wconsole.txt: Posted Jan 26, 2006; Authored by OS2A; RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability; tags | advisory, denial of service; SHA-256 | 8aff353399cd70e494ccd17f68e2fda160bdabc46209288131fb167e560b0511; Download | Favorite | View

RockLiffe-wconsole.txt

OS2A

RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability


OS2A ID: OS2A_1004                              Status
                                              01/06/2006 Issue Discovered
                                              01/06/2006 Reported to the vendor
                                              01/19/2006 Patch Released
                                              01/20/2006 Advisory Released

Class: Denial of Service / Script Injection     Severity: CRITICAL


Overview:
Rockliffe's MailSite is a program for providing access to email
accounts on Microsoft Windows operating systems. MailSite HTTP Mail management
agent could allow a remote attacker to cause a denial of service or
execute arbitrary script code.


Description:
1. MailSite HTTP Mail management agent 7.0.3.1 version could allow a remote
 attacker cause a denial of service. A bug in the input validation routine
 in httpma causes the svchost process to consume more CPU cycles thus
 impacting Mailsite HTTP Management agent and ultimately crashing the service.

2. MailSite HTTP Mail management agent 6.x and 5.x could allow a remote
 attacker to inject arbitrary script code. This vulnerability is caused
 due to a design error in the wconsole.dll. This dll file contains html
 code embedded in it which is not properly sanitizing the user-input.

Impact:
 1. Remote attackers can exploit this issue to trigger a denial of service
  condition.
 2. An attacker may leverage this issue to have arbitrary script code
  executed in the browser in the context of the affected site.

Affected Software(s):
MailSite 7.0.3.1 and prior
MailSite 6.1.22 and prior
MailSite 5.x

Affected platform(s):
Windows (Any)

Exploit/Proof of Concept:
 For 7.x series
 http://www.example.com:90/CGI-BIN/WCONSOLE.DLL?Authenticate|cmd
 Any special characters passed to the parameters in the wconsole.dll
 triggers denial of service.

 For 6.x & 5.x series
 http://www.example.com:90/CGI-BIN/WCONSOLE.DLL?%3Cscript%3Ealert(document.cookie)%3C/script%3E

Solutions:
 For 7.x series apply the following patch.
 ftp://ftp.rockliffe.com/MailSite/Latest/Hotfixes/

 For 6.x series apply the following patch
 ftp://ftp.rockliffe.com/MailSite/6.1.22/Hotfixes/

Credits:
Rahul Mohandas of OS2A has been credited with the discovery of this
vulnerability.

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

RockLiffe-wconsole.txt

RockLiffe-wconsole.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RockLiffe-wconsole.txt

Share This

RockLiffe-wconsole.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems