PT-2006-6202 · Marshal · Mailmarshal For Exchange+1

Published

2006-11-10

Updated

2018-10-17

CVE-2006-5487

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Marshal MailMarshal SMTP versions 5.x through 6.x Marshal MailMarshal SMTP version 2006 MailMarshal for Exchange versions 5.x

Description A directory traversal issue allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

Recommendations For Marshal MailMarshal SMTP versions 5.x through 6.x, update to a version that fixes this issue. For Marshal MailMarshal SMTP version 2006, update to a version that fixes this issue. For MailMarshal for Exchange versions 5.x, update to a version that fixes this issue. As a temporary workaround, consider restricting access to ARJ compressed archives until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2006-5487

Affected Products

Mailmarshal For Exchange

Marshal Mailmarshal Smtp

PT-2006-6202 · Marshal · Mailmarshal For Exchange+1

CVE-2006-5487

Weakness Enumeration

Related Identifiers

Affected Products

References · 10