SB2019112003 - Multiple vulnerabilities in Openfind Mail2000

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2019-9763)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via an "<object data="data:text/html" substring in an e-mail message. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Open redirect (CVE-ID: CVE-2019-15073)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data passed via the "ACTION" parameter in "/cgi-bin/go" file. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

3) Cross-site scripting (CVE-ID: CVE-2019-15071)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "ACTION" parameter in the "/cgi-bin/go" file. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

4) Cross-site scripting (CVE-ID: CVE-2019-15072)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via any parameter in the "/cgi-bin/portal" file. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

References

• https://gist.github.com/keniver/1f6092242ee79a8456a86bb7624bc171
• https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf
• https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf
• https://gist.github.com/chtsecurity/512ebad24dddffb5321cf5f1a336f90f
• https://gist.github.com/tonykuo76/ed1cc21cf755bfb8b67ca24f50bded13
• https://tvn.twcert.org.tw/taiwanvn/TVN-201909003
• https://www.chtsecurity.com/download/258686130f7a16063c765f9e79cffd813409f6fe61c2dec05fceca541762d5bd.txt
• https://www.openfind.com.tw/taiwan/resource.html
• https://www.twcert.org.tw/en/cp-128-3087-5cecd-2.html
• https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
• https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
• https://tvn.twcert.org.tw/taiwanvn/TVN-201909001
• https://www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txt
• https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html
• https://gist.github.com/chtsecurity/b3396500d4686ad47fb26f64967ef24a
• https://gist.github.com/tonykuo76/5bf1ac369d953d5276afe0a2d04c2147
• https://tvn.twcert.org.tw/taiwanvn/TVN-201909002
• https://www.chtsecurity.com/download/0837ce00c27c73dd3ba3a0d4a7df3a41aaea1ac1e9831a5d61bb64ed484a3598.txt
• https://www.twcert.org.tw/en/cp-128-3086-ff35d-2.html