[IMail Forum] IMail Web Service User Aliases / Mailing Lists AdminVulnerability

Wed, 02 Jan 2002 10:57:20 -0800 

Happy new year all,

I saw this following IMail vulnerabilty posted on bugtraq.  Does anyone
know of a fix for it?

Cheers,

Richard

> Subject: IMail Web Service User Aliases / Mailing Lists Admin Vulnerability
> Date: 31 Dec 2001 22:31:16 +0000
> 
> 
> 
> IMail Web Service User Aliases / Mailing Lists Admin 
> Vulnerability
> 
> Date                    : January 1, 2002
> Author                  : Zeeshan Mustafa 
> [[EMAIL PROTECTED]]
> Application             : IPSwitch IMail Web Service
> Versions Test           : 7.05/7.04/7.03/7.02/7.01/6.x
> Exploitable             : Remote
> Vendor Status           : Notified
> Impact of vulnerability : Forced control of user aliases 
> and mail lists
> 
> 
> Overview:
> 
>       IPSwitch IMail Web Service is a popular 
> daemon, web-based popper used by
>       most of the ISPs and hosting companies. A 
> flaw in IPSwitch IMail Web Service
>       Version 7.05 allows an admin of the of a 
> domain hosted on the target machine,
>       To take control over Aliases' and Lists' 
> Administration of any domain hosted
>       on the same machine.
> 
> Details:
> 
>       There is a flaw in the way IMail Web 
> Service checks correct 'admin' privileged
>       session for some domain to administrate 
> aliases. For any domain it *only* checks
>       if the current user is admin or not, rather 
> than checking if the current
>       user is admin on the current domain? An 
> attacker could list/view/add/edit/delete
>       user aliases and mailing lists.
> 
> Proof of Concept:
> 
> Vulnerability 1:
> ================
> 
>       Objective: To administrate the user aliases.
>       Example: 
> 
>       http://<hostname>:8383/<session 
> id>/aliasadmin.<rnd>.cgi?mbx=Main&Domain=[mail 
> host]
>       <hostname>: Hostname of the target 
> machine.
>       <session id>: Random session id.
>       <rnd>: Some 5 digits random number.
>       [mail host]: (optional) Host of which you 
> want to administrate the aliases.
>       
> Vulnerability 2:
> ================
> 
>       Objective: To administrate the mailing lists.
>       Example: 
> 
>       http://<hostname>:8383/<session 
> id>/listadm1.<rnd>.cgi?mbx=Main&Domain=[mail 
> host]
>       <hostname>: Hostname of the target 
> machine.
>       <session id>: Random session id.
>       <rnd>: Some 5 digits random number.
>       [mail host]: (optional) Host of which you 
> want to administrate the mailing lists.


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Reply via email to