Vulnerabilities in Ipswitch IMail Server 7.04
From: Arne Vidstrom (arne.vidstrom@NTSECURITY.NU)Date: 10/11/01
- Previous message: Kurt Seifried: "Re: Microsoft Strategic Technology Protection Program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <NLECJAEFKPPNCLPPMHLPMEBNCIAA.arne.vidstrom@ntsecurity.nu> Date: Thu, 11 Oct 2001 21:59:55 +0200 From: Arne Vidstrom <arne.vidstrom@NTSECURITY.NU> Subject: Vulnerabilities in Ipswitch IMail Server 7.04 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Hi all,
There are a couple of vulnerabilities in Ipswitch IMail Server 7.04.
*** In the POP3 Server ***
If you enter a valid username the reply is:
+OK welcome
On the other hand, if you enter a username that doesn't exist on the server
the reply is:
+OK send your password
This gives you a way to probe for existing accounts on the server.
*** In the Web Messaging Server ***
Log in on one account in the Web Messaging Server and Select Change User
Information. Save the HTML page on disk and change the value of the hidden
INPUT tag called "olduser" to the name of another account. You also have to
change the ACTION value of the FORM tag so it points to the server, and it
must also contain the random string that you find in the URL to the ordinary
page. Then load this changed page into the browser, fill in some new user
information and click on the Save button. This way you can change the user
information for any other user.
*** Vendor response ***
Ipswitch have created a patch that among other things fix these two
vulnerabilities. You can find it at:
http://www.ipswitch.com/support/IMail/patch-upgrades.html
*** Other information ***
This advisory can also be found at:
http://ntsecurity.nu/advisories/a16.shtml
Regards /Arne Vidstrom, http://ntsecurity.nu
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate
- Previous message: Kurt Seifried: "Re: Microsoft Strategic Technology Protection Program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
