Symantec Mail-Gear 1.0 Directory Traversal

Reported November 29, 1999 by
USSRLABS
VERSIONS AFFECTED
  • Symantec Mail-Gear 1.0

DESCRIPTION

Symantec's Mail-Gear has a Web-based administration service that listens on port 8003. The service is vulnerable to directory traversal using specific URL patterns.

DEMONSTRATION

By using a syntax similar to that shown below, file contents may be revealed.

http://ServerIp:8003/Display?what=../../../../../autoexec.bat
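
As an added example (not Symantec's code and not part of the original advisory), the containment check a file-serving handler such as /Display needs before opening the file named by the what parameter, with the same check reused to flag requests of the kind shown above in access logs; the document root, the log format and the sample lines are assumptions constructed for the example.

```python
# Added example, not Symantec's code: the containment check a handler such as
# Mail-Gear's /Display endpoint needs before opening the file named by "what",
# reused to flag traversal attempts in constructed access-log lines.
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

DOC_ROOT = "/opt/mailgear/www"  # hypothetical document root, POSIX style

def resolve_safely(what: str, root: str = DOC_ROOT) -> Optional[str]:
    """Return the absolute path for `what` if it stays under `root`, else None."""
    # Decode twice so a double-encoded %252e%252e is normalised as well.
    decoded = unquote(unquote(what))
    # Treat backslashes as separators (the original host was Windows) and drop
    # any leading slash so the name is always joined beneath the root.
    decoded = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # normpath applies every "..": a name that climbed above the root has lost
    # the root prefix and is rejected.
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None

# Constructed Common Log Format lines, not real Mail-Gear logs.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Nov/1999:10:01:02 -0500] "GET /Display?what=index.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [29/Nov/1999:10:01:07 -0500] "GET /Display?what=../../../../../autoexec.bat HTTP/1.0" 200 230',
    '10.0.0.9 - - [29/Nov/1999:10:01:09 -0500] "GET /Display?what=..%2F..%2Fnotes.txt HTTP/1.0" 200 0',
    '10.0.0.5 - - [29/Nov/1999:10:01:12 -0500] "GET /Status HTTP/1.0" 200 99',
]
REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/1\.[01]"')

def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, decoded what) for /Display requests whose file name
    would escape DOC_ROOT, i.e. the requests worth alerting on."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        parts = urlsplit(target)
        if parts.path != "/Display":
            continue
        # parse_qs already percent-decodes once; resolve_safely decodes again.
        for what in parse_qs(parts.query).get("what", []):
            if resolve_safely(what) is None:
                hits.append((client, what))
    return hits
```

Running flag_traversal_requests(SAMPLE_LOG) reports the two requests from 10.0.0.9 and nothing for the in-root index.html request.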

VENDOR RESPONSE

Symantec has corrected the problem in their new Mail-Gear v1.1.

CREDITS
Discovered by USSRLABS