Magic Winmail upload.php script file upload

magicwinmail-uploadphp-file-upload (19108) The risk level is classified as MediumMedium Risk

Description:

Magic Winmail Server is a POP3 and SMTP server for Microsoft Windows platforms. Magic Winmail Server version 4.0 Build 1112 and possibly earlier versions running on Microsoft Windows 2000 SP4 and Windows XP SP2 could allow an authenticated remote attacker to upload arbitrary files to the server, caused by a vulnerability in the upload.php script. The upload.php script is used to upload an email attachment when writing an email. A remote attacker could send a specially-crafted file name to the upload.php script to traverse directories and upload arbitrary files to a location on the server. If the default installation of the Winmail server is used, the attacker can install and execute arbitrary PHP scripts with LOCAL SYSTEM privileges.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Magic Winmail Server (4.0 Build 1318 or later), available from the Winmail Server Web site. See References.

References:

  • BuTraq Mailing List, Thu Jan 27 2005 - 09:55:44 CST: Magic Winmail Server v4.0 Multiple Vulnerabilities.
  • Winmail Server Web site: Winmail Mail Server - Professional and Easy to Use.
  • BID-12388: Magic Winmail Server Multiple Vulnerabilities
  • CVE-2005-0313: Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
  • SA14053: Winmail Server Multiple Vulnerabilities
  • SECTRACK ID: 1013017: Magic Winmail Server Input Validation Holes in Webmail and IMAP Services Allow Directory Traversal Attacks

Platforms Affected:

  • AMAX Information Technologies Winmail Server 4.0 (Build 1112)
  • Microsoft Windows 2000 SP4
  • Microsoft Windows XP SP2

Reported:

Jan 27, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page