ArGoSoft Mail Server Pro IMAP RENAME Command Traversal Arbitrary Directory Creation

medium Nessus Plugin ID 20977

Synopsis

The remote IMAP server is subject to directory traversal attacks.

Description

The remote host is running ArGoSoft Mail Server, a messaging system for Windows.

The IMAP server bundled with the version of ArGoSoft Mail Server installed on the remote host fails to filter directory traversal sequences from mailbox names passed to the 'RENAME' command. An authenticated attacker can exploit this issue to move mailboxes to any location on the affected system.

Solution

Upgrade to ArGoSoft Mail Server 1.8.8.6 or later.

See Also

https://seclists.org/bugtraq/2006/Feb/448

https://www.argosoft.com/rootpages/mailserver/ChangeList.aspx

Plugin Details

Severity: Medium

ID: 20977

File Name: argosoft_ms_imap_rename_dir_traversal.nasl

Version: 1.22

Type: remote

Family: Misc.

Published: 2/25/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Information

Required KB Items: imap/login, imap/password

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2/14/2006

Reference Information

CVE: CVE-2006-0929

BID: 16809