SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Forum/Board/Portal)  >  Open WebMail Vendors:  openwebmail.org
Open WebMail Input Validation Hole Prior to open() Call Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1013859
SecurityTracker URL:  http://securitytracker.com/id?1013859
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 2 2005
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 2.51 20050430
Description:  A vulnerability was reported in Open WebMail. A remote authenticated user can execute arbitrary code on the target system.

The software does not properly validate certain user-supplied parameters, which are passed to a Perl open() function call. A remote authenticated user can supply specially crafted parameter values to execute operating system commands on the target system. The commands will run with the privileges of the remote authenticated user.

The vendor credits Matej Vela with reporting this vulnerability.
Impact:  A remote authenticated user can execute arbitrary code on the target system with the privileges of the user.
Solution:  The vendor has issued a fixed version, available at:

http://openwebmail.org/openwebmail/download/

The vendor has also released patches, available at:

http://openwebmail.org/openwebmail/download/cert/patches/SA-05:02/
http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:02/
Vendor URL:  openwebmail.org/openwebmail/download/cert/patches/SA-05:02/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents
Date:  Mon, 2 May 2005 03:43:55 -0400
Subject:  http://sourceforge.net/forum/forum.php?thread_id=1276640&forum_id=108435

 
 
 
By: Open WebMail - openwebmailProject Admin
Security Advisory 20050502  
2005-05-01 21:37
Topic: Loginned user can execute arbitrary command on the server 
 
Announced: 2005-05-02 
Credits: Matej Vela 
<vela.AT.debian.org> 
Affects: all versions before 20050430 
Corrected: openwebmail versions after 2.51 20050430 
 
Patches: http://openwebmail.org/openwebmail/download/cert/patches/SA-05:02/ 
http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:02/ 
 
I. Background 
 
The open(F, $filename) statement in perl will treat some characters in 
$filename as shell escape sequence, which causes the sub string in 
$filename being executed as external command 
 
II. Problem Description 
 
Several vulnerabilities have been discovered in OWM due to missing 
validation of CGI parameters supplied as filename 
 
III. Impact 
 
When correctly exploited, a loginned user can execute arbitrary command 
on the server with privilege of his own uid 
 
IV. Workaround 
 
No. 
 
V. Solution 
 
upgrade to the latest openwebmail-current.tar.gz


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC