[VIM] Info on Unspecified Webmail Flaw Fixed in Winmail 4.3?

George A. Theall theall at tenablesecurity.com
Wed Mar 29 20:30:47 EST 2006


Does anyone have any specifics about the Winmail Server flaw referenced
by CVE-2006-1250, BID 17009, and OSVDB 23877? All point to the changelog
for version 4.3(Build 0302), presumably item 9, which says: "Fixed some
security problem of Webmail."

In November 2005, Secunia announced 4 flaws in the webmail portion:

  http://secunia.com/secunia_research/2005-58/advisory/

and version 4.3 is the first version released since then.

Earlier today, I set up this newer version and tried to exploit the
first issue (directory traversal when creating session files) without
success. This together with the timing of the release makes me suspect
those issues are collectively what the vendor considers to have
addressed in 4.3, but I wonder if anyone here knows definitively what's up.

Thanks in advance,

George
-- 
theall at tenablesecurity.com



More information about the VIM mailing list