Vigil@nce: qmailAdmin, several vulnerabilities
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Two vulnerabilities of qmailAdmin can be used by an attacker to
execute privileged code or to create a Cross Site Scripting.
Severity: 2/4
Consequences: privileged access/rights, client access/rights
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 11/05/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The qmailAdmin program offers a web interface to manage a qmail
messaging system. Two vulnerabilities were announced.
The template.c file generates HTML code containing urls, but does
not filter parameters of these urls. An attacker can therefore
create a Cross Site Scripting. [grav:2/4]
The main() function of qmailadmin.c does not stop the program when
setuid() and setgid() functions fail. In this case, the program
thus continues to run with elevated privileges. [grav:1/4]
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8703
http://vigilance.fr/vulnerability/qmailAdmin-several-vulnerabilities-8703