Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2458

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2458
Last Modified 05 Sep 2008 04:44:11
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2458

Summary

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.

Vulnerable Systems

Application

  • Open Webmail 1.7

  • Open Webmail 1.71

  • Open Webmail 1.8

  • Open Webmail 1.81

  • Open Webmail 1.90

  • Open Webmail 2.30


References

XF - open-webmail-directory-creation(15822)

BID - 10087

CONFIRM - http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch

SECUNIA - 11334


Last Updated: 27 May 2016 10:39:29