MailMarshal Spam Quarantine Password Retrieval Vulnerability

2007.07.20
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.6/10
Impact Subscore: 10/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: MailMarshal Spam Quarantine Password Retrieval Vulnerability Release Date: 17-06-2007 Application: MailMarshal SMTP 6.2.0.x Platform: Microsoft Windows Severity: Password Retrieval Author: Gary O'leary-Steele Reported: See time line section below Vendor status: Fix Available CVE Candidate: CVE-2007-3796 Reference: http://www.sec-1.com/ Overview from www.mailmarshal.com: MailMarshal SMTP is a total email content security solution for business networks. It combines anti-spam, anti-virus, anti-phishing, anti-porn and content security into a highly scalable and easily manageable solution. MailMarshal enables you to meet your corporate obligation to provide a safe and secure environment for your employees. It also enables you to meet your obligation to effectively monitor and manage your organization's compliance with relevant corporate governance and legislative regulatory frameworks. Vulnerability Summary: The Spam Quarantine HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the users email address. Vulnerability Details: A technical analysis of the vulnerability is included within our "Buffer Truncation in Microsoft SQL Server Based Applications 1.1" paper http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf Time Line: 24/05/2007 Reported 12/07/2007 Fix Available Vendor Status: This issue has been resolved in version 6.2.1. See the change history for further details. http://www.marshal.com/software/mailmarshal_smtp/MailMarshalSMTP-Release Notes-6.2.1.3252.htm#Change%20History Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2007-3796 Copyright 2007 Sec-1 LTD. All rights reserved. Sec-1 specialises in the provision of network security solutions. For more information on products and services we offer visit www.sec-1.com or call 0113 257 8955.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top