Thread-topic: [SA20059] Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
>
> TITLE:
> Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA20059
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/20059/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass, Exposure of sensitive information
>
> WHERE:
> From remote
>
> SOFTWARE:
> EServ 3.x
> http://secunia.com/product/10236/
>
> DESCRIPTION:
> Secunia Research has discovered some vulnerabilities in Eserv/3,
> which can be exploited by malicious users to bypass certain security
> restrictions and to disclose potentially sensitive information, and
> by malicious people to gain access to potentially sensitive
> information.
>
> 1) Directory traversal errors exist in the CREATE, SELECT, DELETE,
> RENAME, COPY and APPEND commands of the IMAP service. This can be
> exploited by an authenticated user to read other users' emails,
> create/rename arbitrary directories on the system, and delete empty
> directories.
>
> 2) A validation error of the filename extension supplied by the user
> in the URL can be exploited to retrieve the source code of script
> files (e.g. PHP, PL) from the HTTP server via specially crafted
> requests containing dot, space and slash characters.
>
> The vulnerabilities have been confirmed in version 3.25. Prior
> versions may also be affected.
>
> SOLUTION:
> Update to version 3.26 or apply patch.
> http://www.eserv.ru/download/EservEproxy326a-setup.exe
>
> Patch for version 3.25:
> http://www.eserv.ru/download/Eserv325-fix.zip
>
> PROVIDED AND/OR DISCOVERED BY:
> Tan Chew Keong, Secunia Research.
>
> ORIGINAL ADVISORY:
> EServ:
> http://www.eserv.ru/ru/news/news_detail.php?ID=235
>
> Secunia Research:
> http://secunia.com/secunia_research/2006-37/
>
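
The server-side check that closes the class of error described in item 1, as an added example that is not part of the advisory and is not Eserv's code: every mailbox argument of the listed IMAP commands is resolved to a path that must remain inside the authenticated user's own mail directory. The storage layout (`MAIL_ROOT/<user>/<mailbox>`), the function names and the sample names in the comments are assumptions made for illustration; `user` is assumed to be an already authenticated, validated account name.

```python
import posixpath

MAIL_ROOT = "/srv/mail"  # assumed store layout: MAIL_ROOT/<user>/<mailbox path>

# Positions of the mailbox-name arguments for the commands the advisory lists.
MAILBOX_ARGS = {"CREATE": (0,), "SELECT": (0,), "DELETE": (0,),
                "APPEND": (0,), "RENAME": (0, 1), "COPY": (1,)}


class MailboxNameError(ValueError):
    """Raised when a mailbox name would leave the user's mail directory."""


def resolve_mailbox(user, mailbox):
    """Return the storage path for `mailbox`, confined to `user`'s directory."""
    if not mailbox or "\x00" in mailbox:
        raise MailboxNameError("empty name or NUL byte")
    name = mailbox.replace("\\", "/")  # treat both separator styles alike
    if name.startswith("/") or name[1:2] == ":":
        raise MailboxNameError("absolute path or drive prefix")
    parts = name.split("/")
    for part in parts:
        # Reject empty, '.' and '..' components, and components ending in a
        # dot or space, which some filesystems silently strip.
        if part in ("", ".", "..") or part != part.rstrip(". "):
            raise MailboxNameError("unsafe component: %r" % part)
    user_root = posixpath.join(MAIL_ROOT, user)
    path = posixpath.normpath(posixpath.join(user_root, *parts))
    # Defence in depth: the normalised path must still sit under user_root.
    if posixpath.commonpath([user_root, path]) != user_root:
        raise MailboxNameError("escapes user directory")
    return path


def check_command(user, command, args):
    """Resolve every mailbox argument of an IMAP command, or raise."""
    positions = MAILBOX_ARGS.get(command.upper(), ())
    return [resolve_mailbox(user, args[i]) for i in positions]


def is_allowed(user, command, args):
    """True if all mailbox arguments stay inside the user's directory."""
    try:
        check_command(user, command, args)
        return True
    except MailboxNameError:
        return False
```

RENAME carries two mailbox names and COPY carries its mailbox name as the second argument, so the check has to cover each position rather than only the first argument.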