MailMarshal tar Archive Traversal Arbitrary File Overwrite

Critical Nessus Plugin ID 26060


The remote Windows host has a program that is prone to a directory traversal attack.


The remote host is running MailMarshal, a mail server for Windows.

According to the registry, the installation of MailMarshal on the remote Windows host fails to properly sanitize file names when unpacking tar files. A remote attacker may be able to leverage this issue to overwrite files and execute arbitrary code. Further, since the application operates with SYSTEM privileges, this could lead to a complete compromise of the affected system.


Apply the appropriate patch for MailMarshal SMTP or MailMarshal Exchange as described in the vendor advisory.

Plugin Details

Severity: Critical

ID: 26060

File Name: mailmarshal_tar_traversal.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2007/09/18

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/08/30

Reference Information

BID: 25523

OSVDB: 38184