Update Protection against Multiple IMAP Servers Directory Traversal Vulnerability
| Check Point Reference: | CPAI-2006-070 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Dovecot-News SecurityTracker Alert ID: 1014095 |
|
| Industry Reference(s): | CVE-2006-2414 CVE-2005-1902 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Dovecot version 1.0 beta Dovecot version 1.0 stable SPA-PRO Mail @Solomon 4.00 | ||
| Vulnerability Description Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems. A directory traversal vulnerability has been identified in Dovecot, specifically in the processing of several IMAP commands. If successfully exploited, this vulnerability could be used by attackers to gain knowledge of sensitive information. SPA-PRO Mail @Solomon is an IMAP mail server for Microsoft Windows NT 4.0, XP, and 2000 operating systems. A directory traversal vulnerability has been identified in the SPA-PRO Mail @Solomon server that could allow a remote attacker to manipulate the server directories, including obtaining information from files and folders, view user emails, create directories and more. |
||
|
Update/Patch Available Upgrade to Dovecot version 1.0 beta8: http://dovecot.org/download.html Upgrade to Upgrade to the latest version of SPA-PRO Mail @Solomon (4.05 or later), available at the vendor's site at http://www.e-postinc.jp/download.html. |
|
|
Vulnerability Details CVE-2006-2414 (Dovcot): The flaw is due to directory traversal errors when processing arguments passed to the LIST, DELETE, CREATE, RENAME and SELECT IMAP commands. This allows an attacker to see all files and directories under the mbox root's parent directory, which means an attacker can potentially see other users' mailbox names. CVe-2005-1902 (SPA-PRO Mail @Solomon): The flaw is caused by improper validation in the IMAP service. This could allow a remote attacker to traverse directories and take any action on the directories including viewing files and folders, creating or deleting directories and more. |
Protection Overview
The update protects against the vulnerability by blocking the potentially malicious IMAP commands.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on July 5, 2006 includes the follwoing protections:
Malformed SSH Init Message Protection (CPAI-2006-069)
Multiple IMAP Servers Directory Traversal Protection (CPAI-2006-070)
VNC Authentication Bypass Protection (CPAI-2006-071)
COM Object Instantiation Protection (MS06-013) - CPAI-2006-072
COM Object Instantiation Memory Corruption Vulnerability (MS06-021) - CPAI-2006-073
Microsoft JScript Remote Code Execution Protection (MS06-023) - CPAI-2006-074
Symantec Sygate SQL Injection Protection (CPAI-2006-075)
Horde Help Viewer Protection (CPAI-2006-076)
Virtual War (VWar) File Inclusion Protection (CPAI-2006-077)
AWStats Remote Command Execution Protection - CPAI-2006-078
Windows Media Player PNG Protection (MS06-024) - CPAI-2006-079
ART Image Rendering Protection (MS06-022) - CPAI-2006-080
MySQL Server str_to_date DoS Protection (CPAI-2006-081)
Enhanced Protection against AWStats "migrate" Shell Command Injection (CPAI-2006-053)
Additional Logs added to the FTP patterns engine (CPAI-2006-040)
VPN-1 NGX R61
How Can I Protect My Network?
1. Update SmartDefense: Click the SmartDefense Services tab, click Download Updates and then click the Online Update button.
2. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal. 
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Directory Traversal Attempt
VPN-1 NGX R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal.
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will display the following log entries:
Attack Name: IMAP Protocol Violation
Attack Information: Directory Traversal Attempt
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal.
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Users of VPN-1 NG with Application Intelligence R55 will identify rule 99146 in the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal.
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Users of VPN-1 NGX VSX will identify rule 99146 in the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
3. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Directory Traversal Attempt
InterSpect 2.0
How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. Click Application Intelligence > Mail > Malformed IMAP Commands and enable Block IMAP Directory Traversal.
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Directory Traversal Attempt
Connectra NGX R61
How Can I Protect My Network?
1. Update SmartDefense: In the navigation tree, click Security > SmartDefense Updates; In the Download updated content pane, enter your credentials and then click Download Updates.
2. In the navigation tree, click Security > SmartDefense > Application Intelligence.
3. In the Dynamic Attacks pane, click
Block IMAP Directory Traversal
4, Install security policy on all modules.
How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:
Attack Name: IMAP Protocol Violation
Attack Information: Directory Traversal Attempt