IMail vulnerabilities

Updated 5/28/02
CVE 2001-0039
CVE 2001-0494

Impact

A remote attacker could execute arbitrary commands with SYSTEM privileges, gain information about the server's directory structure, hijack mail sessions, predict session IDs, or cause IMail to stop responding, thus denying access to e-mail service and the web interface. A user with an account on the server could gain access to other users' mailboxes.

Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. The severity level for this instance is indicated by the colored dot beside the link to this tutorial on the previous page.

Background

This section is only available with the purchase of SAINTwriter™, SAINTexpress℠, or WebSAINT℠.

The Problems

This section is only available with the purchase of SAINTwriter™, SAINTexpress℠, or WebSAINT℠.

Resolution

This section is only available with the purchase of SAINTwriter™, SAINTexpress℠, or WebSAINT℠.

Where can I read more about this?

This section is only available with the purchase of SAINTwriter™, SAINTexpress℠, or WebSAINT℠.