|
Family: Misc. --> Category: mixed
ArGoSoft Mail Server IMAP Server Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for directory traversal vulnerability in ArGoSoft IMAP server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is subject to directory traversal attacks.
Description :
The remote host is running ArGoSoft Mail Server, a messaging system
for Windows.
The IMAP server bundled with the version of ArGoSoft Mail Server
installed on the remote host fails to filter directory traversal
sequences from mailbox names passed to the 'RENAME' command. An
authenticated attacker can exploit this issue to move mailboxes to any
location on the affected system.
See also :
http://archives.neohapsis.com/archives/bugtraq/2006-02/0439.html
http://www.argosoft.com/rootpages/mailserver/ChangeList.aspx
Solution :
Upgrade to ArGoSoft Mail Server 1.8.8.6 or later.
Threat Level:
Low / CVSS Base Score : 1.4
(AV:R/AC:L/Au:R/C:N/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|