SB2023090513 - Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023090513

SB2023090513 - Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Published: September 5, 2023

Security Bulletin ID SB2023090513
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Stored cross-site scripting (CVE-ID: CVE-2023-39223)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

2) Arbitrary file upload (CVE-ID: CVE-2023-39933)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in Broadcast Mail CGI (pmc.exe). A remote user can upload a malicious file and execute it on the server.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

3) Path traversal (CVE-ID: CVE-2023-40160)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Mailing List Search CGI (pmmls.exe). A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

4) Path traversal (CVE-ID: CVE-2023-40747)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Internal Simple Webserve. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

Remediation

Install update from vendor's website.

References