CVE-2005-1902

Properties

Published:
08.06.2005
Updated:
20.10.2005
Patch available:
Severity:
Medium
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:N/B:N) Approximated
Product:
E-POST Corporation: SPA-PRO Mail @Solomon

Vulnerability description

Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.

References:

MISC: http://www.security.org.sg/vuln/spa-promail4.html
FRSIRT: http://www.frsirt.com/english/advisories/2005/0680
OSVDB: http://www.osvdb.org/16989
SECUNIA: http://secunia.com/advisories/15573
XF: http://xforce.iss.net/xforce/xfdb/20860
SECTRACK: http://securitytracker.com/id?1014095