
Atmail Open 1.04 Vulnerability

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by onsightdata, Apr 20, 2012.

  1. onsightdata

    Does anyone know if there is a patch at all for this? I see that Atmail has released 1.05 of their open source client, which resolves this issue. Anyone have a step-by-step of upgrading to 1.05? I have put a request in to Atomicturtle at http://www.atomicorp.com/ to create an update in their repo.

    I can't find anything in the KB from Parallels about this though.


    Vulnerability Note VU#743555

    @Mail Open webmail client contains multiple vulnerabilities

    Original Release date: 22 Mar 2012 | Last revised: 28 Mar 2012

    Overview

    The @Mail Open 1.04 webmail client contains multiple vulnerabilities including; unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200).

    Read More @ http://www.kb.cert.org/vuls/id/743555
     
  2. onsightdata

    Huge thanks to http://www.atomicorp.com/; he added Atmail 1.05 to his repo today. Ensure you update your Atmail, as 1.04 is vulnerable; refer to the above link.

    Package psa-atmail.noarch 1:1.05-4.el5.art set to be updated
     