Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0448

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0448
Last Modified 07 Mar 2011 09:30:03
Published 26 Jan 2006 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0448

Summary

Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.

Vulnerable Systems

Application

  • E-post Corporation Mail Server 4.05

  • E-post Corporation Spa-pro Mail Atsolomon 4.05


References

MISC - http://secunia.com/secunia_research/2006-1/advisory/

SECUNIA - 18480

XF - epost--append-copy-rename-file-creation(24336)

VUPEN - ADV-2006-0318

XF - epost-imap-list-directory-traversal(24335)

BID - 16379

OSVDB - 22765

OSVDB - 22764

XF - epost-append-copy-rename-file-creation(24336)


Last Updated: 27 May 2016 10:40:45