*********************************************************

goSecurity - Advisory 2010120601

*********************************************************
Software: IceWarp Mail Server
Date: 06 Dec. 2010
Affected Versions: 10.1.3, 10.2.0
*********************************************************

Multiple directory-traversal vulnerabilities in IceWarp Webclient

*********************************************************
Summary
-----------
IceWarp Webclient is prone to multiple directory traversal
vulnerabilities. These vulnerabilities can result in loss
of confidential data of IceWarp Mailserver and the
operating system.

*********************************************************
Details
--------
Input passed via the following parameters is not properly
sanitised and can therefore be exploited to browse the
partition where IceWarp is installed or the whole system
and read arbitrary files on the system.

File: http[s]://host/webmail/basic/index.html
Parameter: _c

File: http[s]://host/webmail/basic/minimizer/index.php
Parameter: script

*********************************************************
Solution
---------
Upgrade to Version 10.2.1

*********************************************************
Credits
--------
Ron Ott - GO OUT Production GmbH
Mike Schneider - GO OUT Production GmbH
Thomas Wittmann - Wittmann Security Consulting

*********************************************************
Timeline (CET)
-----------------

19/11/10 Vulnerabilities discovered and confirmed with
multiple installations of IceWarp Webclient
10.1.3 and 10.2
22/11/10 First contact with vendor
23/11/10 Confirmed and fixed by vendor
29/11/10 Customer information by vendor
06/12/10 Coordinated release with vendor

*********************************************************