SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a users Finger File to point to the target file, then running finger on the user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Slmail | Seattle_lab_software | 3.0.2421 (including) | 3.0.2421 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=91996412724720\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=91999015212415\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=92110501504997\u0026w=2
- http://www.securityfocus.com/bid/497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5392
- http://marc.info/?l=bugtraq\u0026m=91996412724720\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=91999015212415\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=92110501504997\u0026w=2
- http://www.securityfocus.com/bid/497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5392