Infesting you with Virus News
 

News

Contributed by: Lauren Gerber
Date: May 7, 2009
Lauren Gerber
1
Vote
0

Multiple Vulnerabilities Found In The IceWarp WebMail Server
 

In the world of computer security it never ends, vulnerabilities are everywhere. Another vulnerability has been found and this time it exists in the Merak Mail Server. It has recently been reported that multiple vulnerabilities were found in the Merak Mail Server. These vulnerabilities can actually be exploited by malicious individuals with the intention of performing SQL injection attacks; script insertion attacks as well as the popular phishing attacks.code.jpg

These vulnerabilities were discovered and reported by RedTeam Pentesting during a penetration test. It came to their attention that online attackers who are in control of users web based email accounts  as well as Groupware components, are literally able to execute arbitrary SQL select statements. This enables them to read any data that they wish from the database of the web server that you can access through the Icewarp email server.

The particular product that was affected is the IceWarp email Server / WebMail Server. There were multiple impacts from the vulnerabilities with the inclusion of Security bypass, exposure of sensitive information, cross site scripting and manipulation of specific data. According to RedTeam Pentesting, IceWarp's WebMail Server vulnerability is a high risk.Hectic_SQL.jpg

This product is from a vendor which you may or may not know called IceWarp. According to their webpage, IceWarp describes a part of the Webmail Server Pro product as:"Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle."

The main type of risk, that is the greatest cause of alarm, is the possibility of SQL Injection attacks. It is vital for all users to know that affected versions include 9.4.1 and there is the possibility that it has also affected various versions prior to this one. The question that may be asked is what can be done about this? The answer is fairly simple, it has been suggested that users update to the 9.4.2 version.

Resources:
The CVE pertaining to this IceWarp Email Server and WebMail Server vulnerability.
The RedTeam Pentesting site.
IceWarp.
Secuobs on this vulnerability.

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

Virus:Win32/Sal .. 32/Sality.O.dl
March 17, 2010
HI more..
Trojan.Agent.IPB
March 17, 2010
Found this list of godaddy domain name coupons, I got a domain for my dog - ha $6.91 Domain... more..
Trojan.Agent.IPB
March 17, 2010
Three guys were having a beer in a bar in London. They were all relative newly-weds and they were talking... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Computer Security > Multiple Vulnerabilities Found In The IceWarp WebMail Server