CipherTrust's secure email solution leaks information
A flaw in CipherTrust's IronWebMail allows unauthorised viewing of arbitrary files on the system. An attacker could therefore also read messages and login data sent using an IronMail appliance. Ironically, the product claims to offer secure mailing and messaging over the web and offers built-in anti-spam functions, zero-day antivirus protection, intrusion protection, anti-phishing guards and a secure web mail solution. Secure WebMail also offers single sign-on and supports RSA SecurID.
A hole in the integrated web server of the FreeBSD 4.10-based solution unfortunately renders all of that hype moot: specially crafted HTTP GET requests can be used to retrieve files outside of the server's document root. Attackers need not have authenticated themselves, reports Symantec, whose security specialists discovered the hole. CipherTrust has confirmed the hole; IronMail versions 5.0.1 and 6.1.1 are affected. A hotfix removes the problem for version 6.1.1. The manufacturer suggests that users of 5.0.1 upgrade to 6.1.1.
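The defensive check that the affected web server evidently lacked, confining every requested path to the document root, together with a simple log sweep for traversal sequences, as an added example that is not CipherTrust's code; the document root, the log lines and their format are constructed for the illustration:

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Hypothetical document root; the page does not name IronWebMail's real one.
DOC_ROOT = "/var/www/webmail"


def resolve_under_root(root: str, request_path: str) -> Optional[str]:
    """Map a URL path onto the filesystem, or return None if it escapes root.

    Percent-decoding is repeated so double-encoded sequences (%252e) are
    resolved before the path is normalised and compared against root.
    """
    decoded = request_path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # NUL bytes and backslashes are rejected outright; some servers treat them
    # as terminators or separators, which defeats the later prefix check.
    if "\x00" in decoded or "\\" in decoded:
        return None
    root_norm = posixpath.normpath(root)
    # normpath collapses "..", "." and repeated slashes relative to root.
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


# Raw or percent-encoded "../" in a request path is the signature to hunt for.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.%2f|%2e%2e/|%2e%2e%2f|%252e)", re.IGNORECASE)

# Constructed access-log lines in common log format (not real IronMail logs).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2005:10:01:02 +0100] "GET /inbox.html HTTP/1.1" 200 5120
10.0.0.9 - - [10/Jan/2005:10:01:07 +0100] "GET /../../../etc/passwd HTTP/1.0" 200 1830
10.0.0.9 - - [10/Jan/2005:10:01:09 +0100] "GET /%2e%2e/%2e%2e/mail/spool HTTP/1.0" 200 903
10.0.0.7 - - [10/Jan/2005:10:02:00 +0100] "GET /images/logo.png HTTP/1.1" 200 311
"""


def flag_traversal(log_text: str) -> List[str]:
    """Return the request paths of GETs whose path carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r'"GET (\S+) HTTP/', line)
        if m and TRAVERSAL_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits
```

A 200 status on a flagged request, as in the constructed lines above, is the case worth escalating, since it indicates the server actually served the file.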
- Directory Traversal in IronWebMail, advisory from Symantec
(ehe)