MailMarshal tar Archive Traversal Arbitrary File Overwrite

Severity: Critical (Nessus Plugin ID 26060)

Synopsis

The remote Windows host has a program that is prone to a directory traversal attack.

Description

The remote host is running MailMarshal, a mail server for Windows.

According to the registry, the installation of MailMarshal on the remote Windows host fails to properly sanitize file names when unpacking tar files. A remote attacker may be able to leverage this issue to overwrite files and execute arbitrary code. Further, since the application operates with SYSTEM privileges, this could lead to a complete compromise of the affected system.

Solution

Apply the appropriate patch for MailMarshal SMTP or MailMarshal Exchange as described in the vendor advisory.

See Also

https://www3.trustwave.com/support/kb/article.aspx?id=11780

Plugin Details

Severity: Critical

ID: 26060

File Name: mailmarshal_tar_traversal.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 9/18/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/30/2007

Reference Information

BID: 25523