Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)

• Previous message: Russ: "Re: 811493 again and again - fixed?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Mon, 16 Jun 2003 11:31:13 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Summary:
Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful
mailing list server". The product suffeed from multiple vulnerabilities that
range from access to files that reside outside the bounding HTML root directory
(through dnying access to the server by causing the server to utilize a high CPU
percentage) through decryption of locally stored password, to a cross site
scripting vulnerability in the web mail interface.

Vulnerable version:
 * Mailtraq version 2.1.0.1302

Immune version:
 * Mailtraq version 2.3.2.1419

For the complete advisory see:
http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html

Thanks
SecurITeam
http://www.SecurITeam.com
http://www.BeyondSecurity.com

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Free 14-day trial of New Threat & Vulnerability Notification Service

TruSecure's new IntelliShield(tm) web-based threat and vulnerability
service isn't your typical alert service. Supported by TruSecure's vast
intelligence resources - including the ICSA Labs - IntelliShield's early
warning, analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your free, no obligation 14-day trial today!

http://www.trusecure.com/offer/s0074/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Previous message: Russ: "Re: 811493 again and again - fixed?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages SecurityFocus Microsoft Newsletter #142 ... MICROSOFT VULNERABILITY SUMMARY ... Mollensoft Enceladus Server Suite Clear Text Password Storage... ... FakeBO Syslog Format String Vulnerability ... Methodus 3 Web Server File Disclosure Vulnerability ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #139 ... OFF any Windows 2000 Managed Dedicated Hosting Solution from Interland. ... Sun ONE Application Server Plaintext Password Vulnerability ... Batalla Naval Remote Buffer Overflow Vulnerability ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #140 ... Cafelog b2 Remote File Include Vulnerability ... Webfroot Shoutbox Remote Command Execution Vulnerability ... Pablo Software Solutions Baby POP3 Server Multiple Connection... ... Microsoft Windows XP Nested Directory Denial of Service... ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter # 150 ... - automatically set positive security policies for real-time protection, ... MICROSOFT VULNERABILITY SUMMARY ... Meteor FTP Server USER Memory Corruption Vulnerability ... MDaemon SMTP Server Null Password Authentication Vulnerabili... ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #152 ... MICROSOFT VULNERABILITY SUMMARY ... Real Networks Helix Universal Server Remote Buffer Overflow ... ... NEW PRODUCTS FOR MICROSOFT PLATFORMS ... (Focus-Microsoft)