[IMail Forum] FW: IMail Web Service User Aliases / Mailing Lists Admin Vulnerability

Mon, 31 Dec 2001 15:27:36 -0800 


Just came across bugtraq, sorry for the formatting, it got to me that way.

-----Original Message-----
From: Zeeshan Mustafa [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 31, 2001 5:31 PM
To: [EMAIL PROTECTED]
Subject: IMail Web Service User Aliases / Mailing Lists Admin
Vulnerability




IMail Web Service User Aliases / Mailing Lists Admin  Vulnerability  Date
: January 1, 2002 Author                  : Zeeshan Mustafa
[[EMAIL PROTECTED]] Application             : IPSwitch IMail Web Service
Versions Test           : 7.05/7.04/7.03/7.02/7.01/6.x Exploitable
: Remote Vendor Status           : Notified Impact of vulnerability : Forced
control of user aliases  and mail lists   Overview:     IPSwitch IMail Web
Service is a popular  daemon, web-based popper used by  most of the ISPs and
hosting companies. A  flaw in IPSwitch IMail Web Service        Version 7.05
allows an admin of the of a  domain hosted on the target machine,       To take
control over Aliases' and Lists'  Administration of any domain hosted   on
the same machine.  Details:     There is a flaw in the way IMail Web  Service
checks correct 'admin' privileged       session for some domain to administrate
aliases. For any domain it *only* checks        if the current user is admin or
not, rather  than checking if the current       user is admin on the current
domain? An  attacker could list/view/add/edit/delete    user aliases and
mailing lists.  Proof of Concept:  Vulnerability 1: ================
Objective: To administrate the user aliases.    Example:
http://<hostname>:8383/<session
id>/aliasadmin.<rnd>.cgi?mbx=Main&Domain=[mail  host]   <hostname>: Hostname
of the target  machine.         <session id>: Random session id.        <rnd>: Some 5
digits random number.   [mail host]: (optional) Host of which you  want to
administrate the aliases.        Vulnerability 2: ================      Objective:
To administrate the mailing lists.      Example:
http://<hostname>:8383/<session
id>/listadm1.<rnd>.cgi?mbx=Main&Domain=[mail  host]     <hostname>: Hostname of
the target  machine.    <session id>: Random session id.        <rnd>: Some 5 digits
random number.  [mail host]: (optional) Host of which you  want to
administrate the mailing lists.
---
[ This E-mail scanned for viruses by www.WebKorner.com ]


---
[ This E-mail scanned for viruses by www.WebKorner.com ]


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Reply via email to