Detections
Analytics

NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation

medium Nessus Plugin ID 20932

Language:

Synopsis

The remote web server contains a Perl application that is affected by an access validation failure.

Description

The remote host is running NeoMail, an open source webmail application written in Perl.

The installed version of this software fails to validate the 'sessionid' parameter in the 'neomail-prefs.pl' script as a valid session identifier. An unauthenticated attacker may be able to exploit this issue to create or delete arbitrary mail-folder files on the affected host subject to the permissions of the group id under which the affected application operates.

Note that successful exploitation requires that '$homedirfolders' and '$homedirspools' both be set to 'no' in NeoMail's configuration.

Solution

Upgrade to NeoMail version 1.29 or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2006-3/advisory/

http://www.nessus.org/u?42e79545

Plugin Details

Severity: Medium

ID: 20932

File Name: neomail_sessionid_validation.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2/16/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:neomail:neomail

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/14/2006

Reference Information

CVE: CVE-2006-0711

BID: 16651