Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: lanste.txt

602Pro Lansuite 2003/WinXP - Multiple Vulnerabilities

602Pro Lansuite 2003 - Multiple Vulnerabilities

"602Pro LAN SUITE is an easy-to-install and manage
all-in-one server application. Its standards-based
SMTP/POP3 e-mail server provides effective e-mail
communication without the risk of destructive virus
infiltration and productivity robbing unsolicited
e-mail. Fax services seamlessly integrate into user
mailboxes to unify e-mail and fax message access."

More information at <>

Version : 602PRO LanSuite 2003, build 2003.0.3.0828
(latest build)
Tested Platform : Windows (2K/XP Pro)

Multiple vulnerabilities in the LanSuite 2003 software
(WebMail interface) which could allow attackers to
sensitive information about the users (Mailbox number,
Message ID, Login Time etc...) and read any file on
the server.

[Vulnerability #1] Sensitive Files Exposure

When a user logins to LanSuite 2003 WebMail server,
m602cl3w.exe will create a temporary file and folder
holding sensitive information about the current user
and they are accessible through the LanSuite WebMail
interface <>. Tempdirs.lst
file holds the temporary folder name of current users.
The temporary folder contains two files named
MSGlist.mid and Messages ID are written
to MSGlist.mid file. The username and mailbox number
are written to

Log files are also accessible by anyone at:
<> (YY/MM/DD).
Attacker might gain sensitive information of username,
user's IPs, login time etc... This information could
be useful to assist in further exploit once they
obtained the file.

[Vulnerability #2] Arbitrary File Reading [required
valid user credential]

Malicious user can read any file on the server if they
have a valid LanSuite WebMail username and password.
M602cl3w.exe does check for dot-dot-slash most of the
time but not when the action "GetFile" is used. For
example, a malicious user can read the boot.ini file
by sending a request like this:

where "U" is the current user handle's string.
Malicious users can also read other user's mails by
using the information they got from exploiting the
vulnerability #1. 

For example: 

You can obatain the patch to fix those vulnerabilities
above at <>

Phuong Nguyen

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH