Signature Detail

Short Name	SMTP:EXT:DIR-TRAV
Severity	Medium
Recommended	No
Category	SMTP
Keywords	MIME Filename Directory Traversal
Release Date	2005/10/05
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: MIME Filename Directory Traversal

This signature detects Multipurpose Internet Mail Extensions (MIME) attachments with directory traversal characters in their filenames. Malicious users can utilize this method to place executable files onto a target system.

Extended Description

MDaemon server is prone to a directory traversal vulnerability due to improper sanitization of user input. Failure to sanitize the filename and path may result in compromise of the file system outside of the application's quarantine directory.

Affected Products

Alt-N MDaemon 8.0.0
Alt-N MDaemon 8.0.0 1
Alt-N MDaemon 8.0.0 2
Alt-N MDaemon 8.0.0 3
Alt-N MDaemon 8.0.4
Alt-N MDaemon 8.0.5

References

BugTraq: 14400
CVE: CVE-2002-1741
URL: http://files.altn.com/MDaemon/Release/RelNotes_en.txt
URL: http://www.sans.org/newsletters/risk/display.php?v=4&i=30#05.30.1

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SMTP: MIME Filename Directory Traversal

Extended Description

Affected Products

References