----------------------------------------------------------------------

Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
IceWarp Web Mail Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA15249

VERIFY ADVISORY:
http://secunia.com/advisories/15249/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of system information,
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
IceWarp Web Mail 5.x
http://secunia.com/product/3775/
Merak Mail Server 8.x
http://secunia.com/product/5054/

DESCRIPTION:
ShineShadow has reported some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users to detect the presence of local files, manipulate certain data and disclose sensitive information.

1) Input passed to the "folder" parameter in "viewaction.html" isn't properly verified. This can be exploited to move the user's home directory to the mail directory.

2) An error in "attachment.html" can be exploited to detect the presence of local files via the "attachmentpage_text_title" and "folder" parameters.

3) An error in "importaction.html" can be exploited to move arbitrary files to a user's home directory via the "importfile" parameter. This can further be exploited to disclose the content of arbitrary files by importing the file to the address book or in combination with vulnerability 1.

It is also possible to disclose the full path to "calendar_addevent.html", "calendar_event.html" and "calendar_task.html" by accessing them without some required parameters.

The vulnerabilities have been reported in Merak Mail Server 8.0.3 with IceWarp Web Mail 5.4.2. Other versions may also be affected.

SOLUTION:
Grant only trusted users access to the web mail.
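Issues 1 to 3 share one defect: a request parameter ("folder", "importfile") is turned into a filesystem path without checking that the result still lies inside the directory the user is allowed to touch. The following containment check is an added illustration, not IceWarp's or Merak's own code; the /srv/mail layout, the per-user mailbox directory and the resolve_folder name are assumptions.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed layout (assumption, not the product's real one): every user's
# web mail folders live under MAIL_ROOT/<user> and nowhere else.
MAIL_ROOT = Path("/srv/mail")


def resolve_folder(user: str, folder: str, mail_root: Path = MAIL_ROOT) -> Optional[Path]:
    """Map a user-supplied ``folder`` parameter to an absolute path, or return
    None when the value would resolve outside the user's own mail directory.

    A textual scan for ".." is not sufficient on its own: the path is first
    normalised and resolved (collapsing "..", "." and symlinks) and only then
    tested for containment, so the decision is made on the real target.
    """
    if not folder or "\x00" in folder:
        return None  # empty value or embedded NUL: never a valid folder name

    # The product runs on Windows, so treat backslashes as separators too and
    # reject absolute forms (leading slash, drive letter, UNC prefix) outright;
    # a folder name is always relative to the mailbox.
    norm = folder.replace("\\", "/")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:", norm):
        return None

    base = (mail_root / user).resolve()
    candidate = (base / norm).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if not under base
    except ValueError:
        return None
    return candidate
```

Rejected values are a useful detection signal as well: logging the user, the raw parameter and the client address on each None result gives the mail admin a direct record of probing against these parameters.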
PROVIDED AND/OR DISCOVERED BY:
ShineShadow

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------