ArGoSoft Mail Server Pro IMAP RENAME Command Traversal Arbitrary Directory Creation
Medium Nessus Plugin ID 20977
SynopsisThe remote IMAP server is subject to directory traversal attacks.
DescriptionThe remote host is running ArGoSoft Mail Server, a messaging system for Windows.
The IMAP server bundled with the version of ArGoSoft Mail Server installed on the remote host fails to filter directory traversal sequences from mailbox names passed to the 'RENAME' command. An authenticated attacker can exploit this issue to move mailboxes to any location on the affected system.
SolutionUpgrade to ArGoSoft Mail Server 126.96.36.199 or later.