Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

FIX: MailMarshal Vulnerability to TAR Directory Traversal Attacks

MailMarshal vulnerable to Directory Traversal attacks when unpacking .TAR archives
An attacker could create a specially crafted file to overwrite important operating system files and cause the system to execute malicious code.

NOTE: MailMarshal Exchange 7.X and MailMarshal SES are not affected by this issue.

Upgrade to the latest version.

This vulnerability was first fixed in MailMarshal SMTP version 6.2.2.3503 (released 11 October 2007).
This vulnerability was first fixed in MailMarshal Exchange version 5.2.5813 (released 8 August 2008).

To contact Trustwave about this article or to request support:

Create a case through the support portal (U.S. Government customers, use the TGS support portal).
Call us on a local phone number.

Rate this Article:

Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster.

Execution: 0.031. 9 queries. Compression Disabled.