[SA18524] Ecartis "pantomime" Functionality Attachment Handling Security Issue

TITLE:
Ecartis "pantomime" Functionality Attachment Handling Security Issue

SECUNIA ADVISORY ID:
SA18524

VERIFY ADVISORY:
http://secunia.com/advisories/18524/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
>From remote

SOFTWARE:
ecartis (listar) 1.x
http://secunia.com/product/1186/

DESCRIPTION:
Matthias Kilian has discovered a security issue in Ecartis, which can
be exploited by malicious people to bypass certain security
restrictions.

The security issue is caused due to a design error, which causes
attachments in emails that are sent to the
[listname]-request@[hostname] addresses to be saved to the
"pantomime" web-accessible directory even when the sender is not
subscribed to the mailing list or when the list is closed. This can
potentially be exploited by malicious people to place arbitrary files
onto the server.

Successful exploitation requires that the "pantomime" functionality
has been enabled for the mailing list.

The security issue has been confirmed in version 1.0.0 snapshot
20050909. Other versions may also be affected.

SOLUTION:
Disable the "pantomime" functionality.

Snapshot 20050921 is reportedly not affected since the "pantomime"
functionality is not working.

PROVIDED AND/OR DISCOVERED BY:
Matthias Kilian

ORIGINAL ADVISORY:
http://marc.theaimsgroup.com/?l=listar-dev&m=113732552708625&w=2

---

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.