Juniper Networks

Signature Detail

Short Name: HTTP:CGI:EMUMAIL-INFO-LEAK
Severity: Medium
Recommended: No
Category: HTTP
Keywords: EMUmail.cgi Information Leak
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: EMUmail.cgi Information Leak


This signature detects attempts to exploit a vulnerability in EMU Webmail. Versions 5.10 and earlier are vulnerable. A remote attacker can send a crafted HTTP request to the emumail.cgi script that specifies a file name with a NULL byte character (%00) appended, and so view the contents of that file.

Extended Description

Emumail is a web mail package available from Emumail, Inc. It is designed for use on Linux, Unix, and Windows systems. It may be possible for a remote user to gain access to some files through email. By supplying the full path to a file as an argument to the type= function of emumail.cgi, a user may be able to see the contents of the specified file. The request must end with a null character (%00).
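
The request shape described above can also be searched for in web server access logs. The following Python is an added example, not Juniper's signature logic: it assumes combined-format log lines, and the sample lines, placeholder path and function names are constructed for illustration. It goes slightly beyond the text by matching the script and parameter names case-insensitively and after percent-decoding.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, placeholder file path).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2003:10:00:01 +0000] "GET /cgi-bin/emumail.cgi?type=/path/to/file%00 HTTP/1.0" 200 512',
    '192.0.2.11 - - [22/Apr/2003:10:00:05 +0000] "GET /cgi-bin/emumail.cgi?type=example HTTP/1.0" 200 2048',
    '198.51.100.7 - - [22/Apr/2003:10:01:12 +0000] "GET /cgi-bin/EMUmail.cgi?folder=x&TYPE=/path/to/file%00 HTTP/1.1" 200 512',
    '198.51.100.8 - - [22/Apr/2003:10:02:30 +0000] "GET /cgi-bin/other.cgi?type=a%00 HTTP/1.1" 404 0',
]

def check_request(target):
    """Return the decoded type= value if the request matches, else None."""
    parts = urlsplit(target)
    # Decode the path so a percent-encoded script name still matches.
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if script != "emumail.cgi":
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes values, so %00 arrives here as "\x00".
        if name.lower() == "type" and "\x00" in value:
            return value
    return None

def scan(lines):
    """Yield (client_ip, printable type= value) for each matching log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        hit = check_request(m.group("target"))
        if hit is not None:
            # Show the NUL as a visible escape so it is safe to print.
            yield line.split(" ", 1)[0], hit.replace("\x00", "\\0")

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: emumail.cgi type= contains NUL byte: {value}")
```

A match in the log shows only that such a request was received; the response status and size in the same line help decide whether a file was actually returned.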

Affected Products

  • EMUMail 3.0.0
  • EMUMail EMUMail for Red Hat Linux 5.0.0
  • EMUMail EMUMail for Red Hat Linux 5.1.0
  • EMUMail EMUMail for Unix 5.0.0
  • EMUMail EMUMail for Unix 5.1.0

References

  • BugTraq: 4435
  • CVE: CVE-2002-0531
  • URL: http://www.securityfocus.com/bid/4435
  • URL: http://www.emumail.com/downloads/download_unix.html
  • URL: http://www.iss.net/security_center/static/8766.php

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.