ArGoSoft Mail Server Pro IMAP RENAME Command Traversal Arbitrary Directory Creation

Medium Nessus Plugin ID 20977


The remote IMAP server is subject to directory traversal attacks.


The remote host is running ArGoSoft Mail Server, a messaging system for Windows.

The IMAP server bundled with the version of ArGoSoft Mail Server installed on the remote host fails to filter directory traversal sequences from mailbox names passed to the 'RENAME' command. An authenticated attacker can exploit this issue to move mailboxes to any location on the affected system.


Upgrade to ArGoSoft Mail Server or later.

See Also

Plugin Details

Severity: Medium

ID: 20977

File Name: argosoft_ms_imap_rename_dir_traversal.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Misc.

Published: 2006/02/25

Modified: 2016/10/07

Dependencies: 10125, 17975

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: imap/login, imap/password

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2006/02/14

Reference Information

CVE: CVE-2006-0929

BID: 16809

OSVDB: 23474