Multiple vulnerabilities have been identified in MailEnable Enterprise, which could be exploited by attackers to bypass security restrictions or obtain elevated privileges.
The first issue is due to an access validation error in the "meadmin/base/enterprise/lang/EN/main.asp" script, which could be exploited by attackers to gain unauthorized access to administrative options by manipulating the "POSTOFFICE" parameter.
The second flaw is due to an input validation error in the "MEWebMail/base/default/lang/EN/MailOptions.asp" script that does not validate the "LoginRights" parameter, which could be exploited by attackers to change their privileges to "SYSADMIN".
The third vulnerability is due to an access validation error in the "MEWebMail/base/default/lang/EN/Forms/MAI/Resolve.asp" script, which could be exploited by malicious users to create emails in an arbitrary "draft" folder without requiring a valid logon.
The fourth issue is due to access validation errors in the "MEWebMail/base/default/lang/EN/Forms/MAI/UploadAttachment.asp" and "MEWebMail/base/enterprise/lang/EN/Forms/vcf/uploadcontact.asp" scripts, which could be exploited by malicious users to upload malicious files into an arbitrary "draft" folder without requiring a valid logon.
Credits
Vulnerabilities reported by Soroush Dalili
ChangeLog
2006-06-13 : Initial release
2006-06-18 : Updated Solution
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
