CVE-2006-5487

Sažetak

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

Reference

http://secunia.com/advisories/22806
http://securityreason.com/securityalert/1857
http://securitytracker.com/id?1017209
http://www.marshal.com/kb/article.aspx?id=11450
http://www.securityfocus.com/archive/1/451143/100/0/threaded
http://www.securityfocus.com/bid/20999
http://www.vupen.com/english/advisories/2006/4457
http://www.zerodayinitiative.com/advisories/ZDI-06-039.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/30188

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-10-2018 - 21:43

Objavljeno

10-11-2006 - 22:07