J-Security Center

Title: IMP File Disclosure Vulnerability

Severity: MODERATE

Description:

IMP is a set of PHP scripts that implement an IMAP-based webmail system. Certain versions of IMP are vulnerable to a remote attack that allows attackers to have files on the server running IMP mailed to them.

This vulnerability exists because user-supplied variables may be passed to the PHP script. In proper operation, the script is supposed to use these pre-defined variables to track attachments being composed through IMP. The variable in particular:

attachments_name[]

can be supplied by the user with a file which he or she would not normally be able to read. This action is performed at the privilege level of the user under which IMP is being run, so the files which can be read depend on that privilege level. In addition to mailing the file to the attacker, IMP will also attempt to unlink it. If the file is writable by the user running IMP, the file will be deleted.
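
The root cause described above is that a request-supplied attachments_name[] value is trusted as a file path. The following is an added example, not IMP's code and not part of the advisory, of a check that refuses such values; the function name resolve_attachment, the spool directory layout and the $tracked list standing in for server-side session state are all assumptions.

```php
<?php
// Added example: hypothetical helper, not IMP's own code.
// Map a request-supplied attachment name to a file only if (1) the server
// recorded that name itself and (2) the file really lives inside the spool.
function resolve_attachment(string $spoolDir, array $tracked, string $requested): ?string
{
    // 1. Reject any name the server did not store at upload time.
    if (!in_array($requested, $tracked, true)) {
        return null;
    }
    // 2. Canonicalise, so "../" segments and symlinks cannot leave the spool.
    $base = realpath($spoolDir);
    $path = realpath($spoolDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary spool with one uploaded file, plus a
// file outside the spool that the web server user can read.
$spool   = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'spool_' . bin2hex(random_bytes(4));
$outside = $spool . '_outside.txt';
mkdir($spool, 0700);
file_put_contents($spool . DIRECTORY_SEPARATOR . 'att_001', "constructed attachment\n");
file_put_contents($outside, "constructed file outside the spool\n");
$escape  = '..' . DIRECTORY_SEPARATOR . basename($outside);

$tracked = ['att_001'];            // server-side state (assumed: session data)
$tainted = ['att_001', $escape];   // what the list looks like if a client can set it

$cases = [[$tracked, 'att_001'], [$tracked, $outside], [$tracked, $escape], [$tainted, $escape]];
foreach ($cases as [$list, $name]) {
    $ok = resolve_attachment($spool, $list, $name) !== null;
    echo ($ok ? 'accepted  ' : 'rejected  '), $name, "\n";
}

// Clean up the constructed files.
unlink($spool . DIRECTORY_SEPARATOR . 'att_001');
unlink($outside);
rmdir($spool);
```

Only the path returned by the check should be passed to the code that attaches and later unlinks the file, so both the disclosure and the deletion described above are confined to the spool.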

Affected Products:

  • Horde Horde 1.2.0
  • Horde IMP 2.0.0
  • Horde IMP 2.2.0
