Basilix Webmail Attachment Crafted POST Arbitrary File Access

medium Nessus Plugin ID 14305

Synopsis

The remote web server contains a PHP script that is prone to an information disclosure vulnerability.

Description

The remote host appears to be running BasiliX version 1.1.0 or lower. When sending a message, such versions accept a list of attachment names from the client yet do not verify that the attachments were in fact uploaded, which allows retrieval of arbitrary files that are accessible to the web server user.

Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to establish a session on the target without otherwise having access there by authenticating against an IMAP server of his or her choosing.
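The attachment issue described above comes down to trusting client-supplied file names at send time. The following is an added example, not BasiliX code and not part of the plugin, showing one way to close that gap: the upload step records a server-generated id in the session, and the send step resolves only those ids. The function names, session layout, and demo paths are all assumptions made for illustration.

```php
<?php
// Added illustration (not BasiliX code); every name here is hypothetical.

/** Upload step: store a file PHP really received under a server-chosen id. */
function register_upload(array &$session, array $file, string $uploadDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null; // not a genuine HTTP upload
    }
    $id = bin2hex(random_bytes(16));
    $dest = $uploadDir . '/' . $id;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    $session['attachments'][$id] = ['path' => $dest, 'name' => basename($file['name'])];
    return $id;
}

/** Send step: map client-supplied ids to paths via the session registry only. */
function resolve_attachments(array $session, array $requestedIds, string $uploadDir): array
{
    $root = realpath($uploadDir);
    $paths = [];
    foreach ($requestedIds as $id) {
        if (!is_string($id) || !isset($session['attachments'][$id])) {
            throw new RuntimeException('attachment was not uploaded in this session');
        }
        $real = realpath($session['attachments'][$id]['path']);
        $prefix = $root . DIRECTORY_SEPARATOR;
        if ($root === false || $real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            throw new RuntimeException('attachment path is outside the upload directory');
        }
        $paths[] = $real;
    }
    return $paths;
}

// Constructed demo data: one registered file, then a client-supplied path.
$dir = sys_get_temp_dir() . '/demo_uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/abc123", 'report');
$session = ['attachments' => ['abc123' => ['path' => "$dir/abc123", 'name' => 'report.txt']]];

echo count(resolve_attachments($session, ['abc123'], $dir)), " attachment accepted\n";
try {
    resolve_attachments($session, ['/etc/hostname'], $dir);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The demo exercises only the send step, because `is_uploaded_file()` and `move_uploaded_file()` succeed only for files received in a real HTTP POST.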

Solution

Upgrade to BasiliX version 1.1.1 or later.

See Also

http://www.nessus.org/u?2aaad05a

Plugin Details

Severity: Medium

ID: 14305

File Name: basilix_arbitrary_file_disclosure.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 8/9/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/basilix

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/18/2002

Reference Information

CVE: CVE-2002-1710

BID: 5062