Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emumail | Emumail | 3.0 (including) | 3.0 (including) |
| Emumail_red_hat_linux | Emumail | 5.0 (including) | 5.0 (including) |
| Emumail_red_hat_linux | Emumail | 5.1 (including) | 5.1 (including) |
| Emumail_unix | Emumail | 5.0 (including) | 5.0 (including) |
| Emumail_unix | Emumail | 5.1 (including) | 5.1 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
- http://www.emumail.com/downloads/download_unix.html/
- http://www.iss.net/security_center/static/8766.php
- http://www.securityfocus.com/bid/4435
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
- http://www.emumail.com/downloads/download_unix.html/
- http://www.iss.net/security_center/static/8766.php
- http://www.securityfocus.com/bid/4435