• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Endymion MailMan Alternate Templates File Disclosure Vulnerability

Endymion MailMan is a webmail application written in Perl. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

Due to insufficient validation of input supplied to the ALTERNATE_TEMPLATES CGI variable, Endymion MailMan is prone to directory traversal attacks. An attacker may view arbitrary web-readable files by crafting a malicious web request containing dot-dot-slash (../) sequences, followed by the name of the requested file, followed by a trailing null character (%00).

This issue may cause sensitive information to be disclosed to remote attackers.