The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
OpenSUSE Project Leap 42.2
Base: 3.5 (as of 22-03-2017 - 18:46)
Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker either to access an executable file directly, for example through shell access, or, in a possible worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems that have many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file either to execute malicious code directly or to manipulate the target process (e.g. an application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high.
The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality.
The server trusts its configuration files to be correct, but when they are manipulated, the attacker gains full control.
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2017-261.NASL
description: postfixadmin was updated to 3.0.2 to fix the following issues:
- PostfixAdmin 3.0.2:
  - SECURITY: don't allow to delete protected aliases (CVE-2017-5930, boo#1024211)
  - fix VacationHandler for PostgreSQL
  - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes
  - allow switching between dovecot:* password schemes while still accepting passwords hashed using the previous dovecot:* scheme
  - FetchmailHandler: use a valid date as default for 'date'
  - fix date formatting in non-english languages when using PostgreSQL
  - various small fixes
- PostfixAdmin 3.0:
  - add sqlite backend option
  - add configurable smtp helo (CONF['smtp_client'])
  - new translation: ro (Romanian)
  - language update: tw, cs, de
  - fix escaping in gen_show_status() (could be used to DOS list-virtual by creating a mail address with special chars)
  - add CSRF protection for POST requests
  - list.tpl: base edit/editactive/delete links in list.tpl on $RAW_item to avoid double escaping, and fix some corner cases
  - fix db_quota_text() for postgresql (concat() vs. ||)
  - change default date for 'created' and 'updated' columns from 0000-00-00 (which causes problems with MySQL strict mode) to 2000-01-01
  - allow punicode even in TLDs
  - update Smarty to 3.1.29
  - add checks to login.php and cli to ensure database layout is up to date
  - whitelist '-1' as valid value for postfixadmin-cli
  - don't stripslashes() the password in pacrypt
  - various small bugfixes
last seen: 2018-01-27
plugin id: 97281
title: openSUSE Security Update : postfixadmin (openSUSE-2017-261)
Last major update: 23-03-2017 - 08:53
20-03-2017 - 12:59