PT-2006-6202 · Marshal · Mailmarshal For Exchange+1

Publicado

2006-11-10

Atualizado

2018-10-17

CVE-2006-5487

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Marshal MailMarshal SMTP versions 5.x through 6.x Marshal MailMarshal SMTP version 2006 MailMarshal for Exchange versions 5.x

Description A directory traversal issue allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

Recommendations For Marshal MailMarshal SMTP versions 5.x through 6.x, update to a version that fixes this issue. For Marshal MailMarshal SMTP version 2006, update to a version that fixes this issue. For MailMarshal for Exchange versions 5.x, update to a version that fixes this issue. As a temporary workaround, consider restricting access to ARJ compressed archives until a patch is available.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2006-5487

Produtos afetados

Mailmarshal For Exchange

Marshal Mailmarshal Smtp

PT-2006-6202 · Marshal · Mailmarshal For Exchange+1

CVE-2006-5487

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10