SecurityTracker.com
SecurityTracker Archives

Category:   Application (E-mail Client)  >   SquirrelMail
Vendors:   SquirrelMail Development Team
SquirrelMail Input Validation Flaw in 'Deliver.class.php' Lets Remote Authenticated Users View Files on the Target System
SecurityTracker Alert ID:  1040554
SecurityTracker URL:  http://securitytracker.com/id/1040554
CVE Reference:   CVE-2018-8741
Date:  Mar 19 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes

Description:   A vulnerability was reported in SquirrelMail. A remote authenticated user can obtain files on the target system.

A remote authenticated user can upload a file with a specially crafted filename containing directory traversal characters (e.g., '../') to trigger an input validation flaw in 'Deliver.class.php' and cause the system to attach arbitrary files to an email message with the privileges of the target PHP process.

This can also be exploited to delete arbitrary files with the privileges of the target PHP process.
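The root cause described above is a client-supplied attachment name being joined onto the server's attachment directory without being reduced to a single path component. The following is an added example of the defensive check an application should apply to such names before using them in a filesystem path; it is illustrative code written for this page, not SquirrelMail's code and not either of the third-party patches linked below. The attachment directory, the function names and the sample filenames are all constructed for the example.

```python
import posixpath

# Constructed example path; SquirrelMail's real attachment directory is
# set per installation and is not stated in this advisory.
ATTACHMENT_DIR = "/var/local/squirrelmail/attach"


def safe_attachment_name(client_name: str) -> str:
    """Accept a client-supplied attachment name only if it is a bare file name.

    Traversal is rejected outright rather than silently rewritten, so a
    crafted name never reaches the filesystem layer in any form.
    """
    # Treat backslashes as separators too: the advisory lists Windows as an
    # affected platform, and PHP on Windows accepts both separator styles.
    normalized = client_name.replace("\\", "/")
    if "\0" in normalized:
        raise ValueError(f"NUL byte in attachment name: {client_name!r}")
    if "/" in normalized:
        raise ValueError(f"path separator in attachment name: {client_name!r}")
    if normalized in ("", ".", ".."):
        raise ValueError(f"invalid attachment name: {client_name!r}")
    return normalized


def attachment_path(client_name: str, base_dir: str = ATTACHMENT_DIR) -> str:
    """Build the on-disk path for an attachment, guaranteed to stay inside base_dir."""
    name = safe_attachment_name(client_name)
    base = posixpath.normpath(base_dir)
    path = posixpath.normpath(posixpath.join(base, name))
    # Belt and braces: after normalisation the file must be a direct child
    # of the attachment directory. This catches any case the name filter missed.
    if posixpath.dirname(path) != base:
        raise ValueError(f"attachment name escapes {base}: {client_name!r}")
    return path


def rejects(client_name: str) -> bool:
    """True if the checks refuse this name (convenience for tests and audits)."""
    try:
        attachment_path(client_name)
    except ValueError:
        return True
    return False


def audit_names(names):
    """Return the subset of stored attachment names that would be refused.

    Useful for a one-off review of an existing attachment table: any entry
    flagged here was accepted under the weaker, pre-fix validation.
    """
    return [n for n in names if rejects(n)]


# Constructed sample of attachment names as they might appear in a session
# or attachment table; the traversal entries mirror the pattern the advisory
# describes ('../' in the stored name).
SAMPLE_NAMES = [
    "quarterly-report.pdf",
    "../../etc/passwd",
    "..\\..\\etc\\hosts",
    "..",
    "photos/holiday.jpg",
    "notes.txt\0.jpg",
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        status = "REJECT" if rejects(n) else "ok    "
        print(f"{status} {n!r}")
```

`audit_names` is the piece a defender would actually run first: pointed at the attachment names already recorded for existing sessions, it lists every entry that the hardened check would refuse, which is also the set worth looking at in incident review.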

The original advisory is available at:

https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/

Florian Grunow from ERNW reported this vulnerability.

Impact:   A remote authenticated user can obtain or delete files on the target system with the privileges of the target PHP process.
Solution:   No solution was available at the time of this entry.

[Editor's note: Two different third party proposed patches are available at:
https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/
https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e]

Vendor URL:  www.squirrelmail.org/security/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

Source Message Contents

[Original Message Not Available for Viewing]


Copyright 2019, SecurityGlobal.net LLC