IMP File Disclosure Vulnerability

IMP is a set of PHP scripts that implement an IMAP based webmail system. Certain versions of IMP are vulnerable to a remote attack which allows attackers to have files on the server running IMP mailed to them.

This vulnerability is due to the fact that user supplied variables may be set to the PHP script. The script is in proper operation supposed to use these pre-defined variables to track attachments being composed through IMP. The variable in particular:

attachments_name[]

Can be supplied by the user with a file which he/she would not normally be able to read. This action is performed by the user privilege level at which IMP is being run. The file which can be read are therefore dependant on this. In addition to mailing this file to the attacker IMP will further attempt to unlink it. If the the file is writable by the user running IMP the file will be deleted.


 

Privacy Statement
Copyright 2010, SecurityFocus