Check Point Advisories

Qualcomm WorldMail IMAP Server Directory Traversal (CVE-2005-3189)

Check Point Reference: CPAI-2005-336
Date Published: 4 Jan 2010
Severity: Medium
Last Updated: Monday 04 January, 2010
Source:
Industry Reference: CVE-2005-3189
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

The Qualcomm WorldMail product is an email and messaging server designed for small to large enterprise environments. Among other services, WorldMail provides an IMAP server for email retrieval.

A directory traversal vulnerability exists in the Qualcomm WorldMail IMAP server. It is caused by insufficient validation of user-provided data. An authenticated remote attacker can exploit this vulnerability to gain access to other users' mailboxes as well as files and folders on the target system.

The effect of exploitation on the host system depends on the intention of the malicious user. Exploitation may be generalized into three cases: unauthorized reading of email, unauthorized manipulation of email, and manipulation of file system folders outside of the mail spool directory.

In the case of an attack attempt aiming to read the email of arbitrary users, the host system will not exhibit any unusual behavior. The malicious user in this case is able to access email in all email accounts on the affected server.

In the case of unauthorized manipulation of email accounts, the malicious user attempts to modify the mailboxes of other users by renaming or deleting emails or IMAP folders. This attack results in arbitrary email accounts being altered.

In the case of moving or renaming files or folders outside the base mail spool directory, the operation of the affected system may be affected in numerous ways; in particular, the vulnerable host system may stop functioning.
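The description attributes the flaw to insufficient validation of user-provided data. The following Python example is added here for illustration and is not WorldMail or Check Point code; it shows the kind of confinement check an IMAP server can apply before a mailbox name from a client command reaches the file system. The spool path, the "/" hierarchy delimiter, the function names and the sample names are all assumptions.

```python
import os

SPOOL_ROOT = "/srv/mailspool"  # assumed spool location, for illustration only


class MailboxNameError(ValueError):
    """Raised when a client-supplied mailbox name must be refused."""


def resolve_mailbox(user, mailbox, spool_root=SPOOL_ROOT):
    """Return the filesystem path for `mailbox`, confined to `user`'s spool.

    `user` is assumed to come from the authenticated session, not the command.
    """
    user_root = os.path.realpath(os.path.join(spool_root, user))
    # Layer 1: syntactic checks on the raw name taken from the IMAP command.
    if not mailbox or "\x00" in mailbox or "\\" in mailbox:
        raise MailboxNameError("illegal character or empty name")
    parts = mailbox.split("/")  # "/" assumed as the hierarchy delimiter
    if any(p in ("", ".", "..") for p in parts):
        raise MailboxNameError("empty, '.' or '..' path component")
    # Layer 2: canonicalise (follows symlinks) and confirm containment.
    candidate = os.path.realpath(os.path.join(user_root, *parts))
    if os.path.commonpath([user_root, candidate]) != user_root:
        raise MailboxNameError("resolves outside the user's spool")
    return candidate


def audit(user, names):
    """Classify mailbox names as allowed or refused for `user`."""
    results = {}
    for name in names:
        try:
            resolve_mailbox(user, name)
            results[name] = "allowed"
        except MailboxNameError as exc:
            results[name] = "refused: " + str(exc)
    return results


# Constructed sample names, covering the three cases the advisory lists:
# another user's mailbox, and locations outside the mail spool directory.
SAMPLES = ["INBOX", "Projects/2005", "../bob/INBOX", "/etc", "INBOX/../../.."]

if __name__ == "__main__":
    for name, verdict in audit("alice", SAMPLES).items():
        print(f"{name!r:20} {verdict}")
```

The same check has to guard every command that takes a mailbox name (select, rename, delete and so on), since the advisory describes both read and modify cases.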

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Qualcomm WorldMail IMAP Server Directory Traversal protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  IMAP Protocol Violation.
Attack Information:  Qualcomm WorldMail IMAP server directory traversal
