This article applies to:
- Trustwave MailMarshal (SEG)
- MailMarshal Exchange 5.X
Symptoms:
- MailMarshal vulnerable to Directory Traversal attacks when unpacking .TAR archives
- An attacker could create a specially crafted file to overwrite important operating system files and cause the system to execute malicious code.
NOTE: MailMarshal Exchange 7.X and MailMarshal SES are not affected by this issue.
Resolution:
Upgrade to the latest version.
- This vulnerability was first fixed in MailMarshal SMTP version 6.2.2.3503 (released 11 October 2007).
- This vulnerability was first fixed in MailMarshal Exchange version 5.2.5813 (released 8 August 2008).