Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)
From: SecurITeam BugTraq Monitoring (bugtraq_at_SECURITEAM.COM)
Date: 06/16/03
Date: Mon, 16 Jun 2003 11:31:13 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Summary:
Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful
mailing list server". The product suffered from multiple vulnerabilities that
range from access to files that reside outside the bounding HTML root directory
(through denying access to the server by causing the server to utilize a high CPU
percentage) through decryption of locally stored passwords, to a cross site
scripting vulnerability in the web mail interface.
Vulnerable version:
* Mailtraq version 2.1.0.1302
Immune version:
* Mailtraq version 2.3.2.1419
For the complete advisory see:
http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html
Thanks
SecurITeam
http://www.SecurITeam.com
http://www.BeyondSecurity.com