|
|
| |
| During a security audit it was discovered that a serios vulnerability in MailMarshal (an E-Mail Security Gateway) exits when it unpacks TAR archives. |
| |
Credit:
The information has been provided by S. Vandersee.
|
| |
Vulnerable Systems:
* MailMarshal version 6.2.1.3253 and prior
MailMarshal uses an old version of GNU tar (1.11.8 + 1.5win32). Sending a special crafted TAR file it is possible to traverse through directories and even drives. Thus files can be spread onto the system and existing files can be overwritten depending on the privileges of running MailMarshal processes (default: System privileges) This can lead to a complete system compromise.
Solution
Install vendor patch. The vendor has released a patch at: http://marshal.com/kb/article.aspx?id=11780
History
* 2007-08-24 Bug discovered
* 2007-08-27 Vendor informed
* 2007-08-30 Vendor released advisory and patches
* 2007-09-04 rt-solutions.de released security advisory
|
|
|
|
|
|
|
|
