• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: @mail Webmail System Multiple Vulnerabilities

Severity: HIGH

Description:

@mail Webmail System is a web based e-mail software package. It can be installed with a SQL database or flat files.

It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.

The following specific issues were reported:

A directory traversal issue has been reported in the software that may allow an attacker to gain access to a user's mailbox. The problem is reported to exist due to insufficient sanitization of user-supplied data through the 'Folder' parameter of 'showmail.pl' script.

Multiple SQL injection vulnerabilities have been identified in the software. The problems are reported to exist due to insufficient sanitization of user-supplied data in the 'atmail.pl', 'search.pl', and 'reademail.pl' scripts. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access. It has been reported that by exploiting these issue an attacker may also be able to gain unauthorized access to any email message of an address registered in @Mail system.

The software is also prone to a vulnerability that may allow remote attackers to hijack webmail sessions. It has been reported that while is user is logged in, their session id and mailbox name are stored in a cookie. An attacker is reportedly able to gain access to a user's mailbox by modifying the mailbox name.

A cross-site scripting issue has been identified in the software that may allow a remote attacker to steal valid session ids and gain access to a user's mailbox. This issue results from insufficient sanitization of user-supplied data leading to the theft of cookie based authentication credentials.

These issue have reportedly been tested on @Mail 3.52 Demo for Windows NT/2000/XP on Windows 2000 Advanced Server, however other version on various supported platforms may be affected as well.

These issues are currently undergoing further analysis. This cumulative BID will be separated into individual entries when analysis is complete.

Affected Products:

• CalaCode @mail Webmail System 3.52.0 Demo

References:

• CalaCode: @mail Webmail System

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.