E-Post APPEND, COPY and RENAME file creation
epost-append-copy-rename-file-creation (24336)
Description:
E-Post Mail Server Enterprise, E-Post Mail Server, E-Post SMTP Server Enterprise, E-Post SMTP Server, and SPA-PRO Mail @Solomon Enterprise could allow a remote attacker to create arbitrary files and directories on the system. A remote attacker could use the APPEND, COPY and RENAME commands in the IMAP service to create arbitrary files and directories outside the mail directory.
Platforms Affected:
- e-Post, E-Post Mail Server 4.10
- e-Post, E-Post Mail Server Enterprise 4.10
- e-Post, E-Post SMTP Server 4.10
- e-Post, E-Post SMTP Server Enterprise 4.10
- e-Post, SPA-PRO Mail @Solomon 4.00
- e-Post, SPA-PRO Mail @Solomon Enterprise 4.00
- e-Post, SPA-PRO SMTP @Solomon 4.00
Remedy:
Apply the appropriate patch as listed in the Secunia Security Advisory: SA18480. See References.
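Added example (not part of the X-Force entry and not the vendor's patch): a server-side check that refuses mailbox names in APPEND, COPY and RENAME that could resolve outside the mail directory. It assumes a Windows file-backed mail store, mailbox names sent as atoms or quoted strings (not literals), and hypothetical function names.

```python
import re
from pathlib import PureWindowsPath

# Positions (after the command word) of the mailbox-name arguments.
MAILBOX_ARGS = {"APPEND": (0,), "COPY": (1,), "RENAME": (0, 1)}
# An IMAP quoted string (with \" and \\ escapes) or a bare atom.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def tokens(line):
    """Split one command line into atoms and unescaped quoted strings."""
    return [atom or re.sub(r"\\(.)", r"\1", quoted)
            for quoted, atom in TOKEN.findall(line)]


def is_unsafe_mailbox(name):
    """True if the name could resolve outside the user's mail directory."""
    path = PureWindowsPath(name.replace("/", "\\"))
    if path.drive or path.root:  # C:..., \\host\share\..., \rooted
        return True
    return ".." in path.parts or "\x00" in name


def rejected_mailboxes(line):
    """Return the mailbox arguments of one command that must be refused."""
    parts = tokens(line)
    if len(parts) > 1 and parts[1].upper() == "UID":  # UID COPY form
        del parts[1]
    if len(parts) < 2:
        return []
    args = parts[2:]
    wanted = MAILBOX_ARGS.get(parts[1].upper(), ())
    return [args[i] for i in wanted
            if i < len(args) and is_unsafe_mailbox(args[i])]


# Constructed sample commands (not taken from the advisory).
SAMPLES = [
    r'a1 APPEND "Sent" (\Seen) {310}',
    r'a2 COPY 1:4 "../../outside"',
    r'a3 RENAME "Drafts" "..\\..\\newdir"',
    r'a4 UID COPY 7 Archive/2006',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", rejected_mailboxes(sample) or "ok")
```

The same function can be run over IMAP session logs to flag past commands whose mailbox arguments would have been refused.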
Consequences:
File Manipulation
References:
- E-Post Web site: http://www.e-postinc.jp/download.html (site in Japanese)
- BID-16379: E-Post MailServer Multiple Remote Vulnerabilities
- CVE-2006-0448: Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
- FrSIRT/ADV-2006-0318: E-Post Mail Products Buffer Overflow and Denial of Service Vulnerabilities
- OSVDB ID: 22764: E-Post Multiple Product IMAP LIST Command Traversal Arbitrary Directory Listing
- OSVDB ID: 22765: E-Post Multiple Product IMAP Multiple Command Traversal Arbitrary File/Dir Creation
- SA18480: E-Post Mail Server Products Multiple Vulnerabilities
Reported:
Jan 25, 2006
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
