ArGoSoft Mail Server Pro viewheaders Script Code Injection Vulnerability

Vulnerability ID: 1195925    Vulnerability Type: Cross-Site Scripting
Published: 2006-02-27    Updated: 2006-09-27
CVE ID: CVE-2006-0978    CNNVD ID: CNNVD-200603-039
Platform: N/A    CVSS Score: 4.3
|Vulnerability Source
https://cxsecurity.com/issue/WLB-2006030006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-039
|Vulnerability Details
ArGoSoft Mail Server is a full-featured mail server for the Windows platform that supports the POP3/SMTP/FINGER protocols. ArGoSoft Mail Server has an input validation vulnerability in the way it displays mail, which a remote attacker could use to execute malicious script code on a client machine. Before a message is displayed by the "View Headers" function, ArGoSoft Mail Server Pro does not properly filter various mail headers (such as "Subject" and "From"), so an attacker can inject arbitrary HTML and script code. If a user views the malicious mail headers, the injected code executes in the user's browser.
|Vulnerability EXP
======================================================================

Secunia Research 27/02/2006

- ArGoSoft Mail Server Pro viewheaders Script Insertion -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software

ArGoSoft Mail Server Pro 1.8.8.5

NOTE: Prior versions may also be affected.

====================================================================== 
2) Severity

Rating: Moderately critical
Impact: Cross-Site Scripting
Where:  Remote

====================================================================== 
3) Vendor's Description of Software

"ArGoSoft Mail Server is full SMTP/POP3/Finger/IMAP server for all
Windows platforms, which will let you turn your computer into the email
system. It is very compact, takes about 1-5 Mb of disk space (depending
on the version), does not have any specific memory requirements, and
what is the most important - it's very easy to use".

Product Link:
http://www.argosoft.com/rootpages/MailServer/Default.aspx

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in ArGoSoft Mail Server
Pro, which can be exploited by malicious people to conduct script
insertion attacks.

Input passed in various e-mail headers (e.g. "subject" and "from") is
not properly sanitised before being displayed by the "View Headers"
functionality. This can be exploited to insert arbitrary HTML and
script code, which is executed in a user's browser session in context
of a vulnerable site when viewing the headers of a malicious e-mail.
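The defect the advisory describes is an output-encoding failure: header text taken from an untrusted message is placed into a web page verbatim. The following is an added example, not code from the Secunia advisory or from the ArGoSoft product; the raw message, the two hypothetical `render_headers_*` views and the `foreign_tags` check are all constructed here. It contrasts a view that concatenates header values into HTML with one that escapes them at output time, and shows how a simple check on the rendered page can tell the two apart.

```python
import html
import re
from email.parser import HeaderParser

# Constructed raw message (not from the advisory): the From and Subject
# headers carry markup, the kind of input the advisory says the
# "View Headers" page echoed without filtering.
RAW_MESSAGE = (
    "From: <script>alert(1)</script> sender@example.test\n"
    "Subject: <b>Invoice</b> <script>alert(2)</script>\n"
    "To: recipient@example.test\n"
    "\n"
    "body text\n"
)

# Tags the view emits itself; any other tag in the output came from the data.
OWN_TAGS = {"table", "tr", "td"}


def parse_headers(raw):
    """Return the header fields of a raw RFC 822 message as (name, value) pairs."""
    return HeaderParser().parsestr(raw, headersonly=True).items()


def render_headers_unsafe(raw):
    """Hypothetical vulnerable view: header text is concatenated into HTML as-is."""
    rows = "".join(f"<tr><td>{name}</td><td>{value}</td></tr>"
                   for name, value in parse_headers(raw))
    return f"<table>{rows}</table>"


def render_headers_safe(raw):
    """Hardened view: every header name and value is HTML-escaped at output time."""
    rows = "".join(f"<tr><td>{html.escape(name)}</td><td>{html.escape(value)}</td></tr>"
                   for name, value in parse_headers(raw))
    return f"<table>{rows}</table>"


def foreign_tags(rendered):
    """Tag names present in the output that the view did not emit itself."""
    found = {m.lower() for m in re.findall(r"</?([A-Za-z][A-Za-z0-9]*)", rendered)}
    return found - OWN_TAGS


if __name__ == "__main__":
    print("unsafe view injected tags:", sorted(foreign_tags(render_headers_unsafe(RAW_MESSAGE))))
    print("safe view injected tags:  ", sorted(foreign_tags(render_headers_safe(RAW_MESSAGE))))
```

`html.escape` converts `<`, `>`, `&` and both quote characters, so the escaped header still reads as the sender wrote it but the browser treats it as text. The `foreign_tags` allow-list check is a cheap regression test for a header view: after rendering any stored message, the set of tag names outside the page's own markup should be empty.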

====================================================================== 
5) Solution

Update to version 1.8.8.6 or later.

====================================================================== 
6) Time Table

24/02/2006 - Vendor notified.
24/02/2006 - Vendor response.
27/02/2006 - Public disclosure.

====================================================================== 
7) Credits

Discovered by Secunia Research.

====================================================================== 
8) References

No other references available.

====================================================================== 
9) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

====================================================================== 
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-6/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
|References

Source: BID
Name: 16834
Link: http://www.securityfocus.com/bid/16834
Source: BUGTRAQ
Name: 20060227 Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion
Link: http://www.securityfocus.com/archive/1/archive/1/426206/100/0/threaded
Source: OSVDB
Name: 23512
Link: http://www.osvdb.org/23512
Source: VUPEN
Name: ADV-2006-0751
Link: http://www.frsirt.com/english/advisories/2006/0751
Source: MISC
Link: http://secunia.com/secunia_research/2006-6/advisory/
Source: SECUNIA
Name: 18991
Link: http://secunia.com/advisories/18991
Source: XF
Name: argosoft-mailserverpro-viewheaders-xss(24945)
Link: http://xforce.iss.net/xforce/xfdb/24945
Source: SREASON
Name: 504
Link: http://securityreason.com/securityalert/504