Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17936
HistorySep 04, 2007 - 12:00 a.m.

Marshal MailMarshal TAR Unpacking Vulnerability

2007-09-0400:00:00
vulners.com
21
JSON

Marshal MailMarshal TAR Unpacking Vulnerability

Overview

Vendor: Marshal (www.marshal.com)
Product: MailMarshal <= 6.2.1.3253
Vulnerability: Remote file overwrite, Remote execution
Risk: HIGH

Description

During a security audit for a customer we have discovered
a serios vulnerability in MailMarshal (an E-Mail Security Gateway)
when unpacking TAR archives.

MailMarshal uses an old version of GNU tar (1.11.8 + 1.5win32).
Sending a special crafted TAR file it is possible to traverse
through directories and even drives. Thus files can be spread
onto the system and existing files can be overwritten depending
on the privileges of running MailMarshal processes (default:
System privileges) This can lead to a complete system compromise.

Solution

Install vendor patch. The vendor has released a patch at:
http://marshal.com/kb/article.aspx?id=11780

History

  • 2007-08-24 Bug discovered
  • 2007-08-27 Vendor informed
  • 2007-08-30 Vendor released advisory and patches
  • 2007-09-04 rt-solutions.de released security advisory

Credits

Sebastian Vandersee, rt-solutions.de GmbH

rt-solutions.de GmbH
Cologne, Germany
http://www.rt-solutions.de

JSON