Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
|
|
SecurityTracker Alert ID: 1005639 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 15 2002
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 3.4.0.20021026
|
Description: A vulnerability was reported in Courier SqWebMail. A local user could view files on the system with elevated privileges.
It is reported that the software does not drop root permissions fast enough when starting up under certain circumstances, due to a flaw in 'sqwebmail.c'. A local user could exploit this to view arbitrary files on the system.
|
Impact: A local user could view files on the system with root privileges.
|
Solution: The vendor has released a fixed version (3.4.0.20021026), available at:
http://www.courier-mta.org/download.php#sqwebmail
|
Vendor URL: www.inter7.com/sqwebmail/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 15 Nov 2002 17:47:08 -0500
Subject: Courier SqWebMail Bug
|
A vulnerability was reported in Courier SqWebMail. According to reports, the software did
not drop permissions fast enough when starting up under certain circumstances. A local
user could exploit this to view arbitrary files on the system.
Vendor URL: http://www.inter7.com/sqwebmail/
Download URL: http://www.courier-mta.org/download.php#sqwebmail
>From the ChangeLog in sqwebmail-3.4.0.20021026:
2002-10-25 Mr. Sam <mrsam@courier-mta.com>
* sqwebmail.c (main2): Drop root privs before showing invalid.html
and printnocookie.html
|
|
