M86 Security Knowledge Base

Home » Knowledgebase » MailMarshal SMTP » FIX: MailMarshal Vulnerability to TAR Directory Traversal Attacks...

FIX: MailMarshal Vulnerability to TAR Directory Traversal Attacks

Expand / Collapse
 

FIX: MailMarshal Vulnerability to TAR Directory Traversal Attacks


This article applies to:

  • MailMarshal SMTP
  • MailMarshal Exchange
  • MailMarshal SES

Symptoms:

  • MailMarshal vulnerable to Directory Traversal attacks when unpacking .TAR archives
  • An attacker could create a specially crafted file to overwrite important operating system files and cause the system to execute malicious code.

NOTE: MailMarshal SES is not affected by TAR Directory Traversal Attacks.

Resolution:

For MailMarshal SMTP, upgrade to the latest version.

  • This vunerability was first fixed in version 6.2.2.3503 (released 11 October 2007).
  • If you cannot upgrade immediately, you can use the workaround steps below.

For MailMarshal Exchange 5.x, upgrade to the latest version.

  • This vunerability was first fixed in version 5.2.5813 (released 8 August 2008).
  • If you cannot upgrade immediately, you can use the workaround steps below.

Workaround:

A workaround is available for the following product versions:

  • MailMarshal SMTP 5.5
  • MailMarshal SMTP 6.x
  • MailMarshal SMTP 2006
  • MailMarshal Exchange 5.x

The steps for implementing the workaround are as follows:

MailMarshal SMTP

Note: If your MailMarshal installation is on a single server (including MailMarshal SMTP 5.5 or 6.x/2006), perform all the steps, in order, on that server.

  1. Save the archive file Marshal_Q11780.zip that is attached to this article.
  2. Unzip the archive to a temporary location. The archive includes two files:
    • 7za.exe (unpacking executable)
    • TarUpdate.reg (registry edit file to direct MailMarshal to use the new executable)

On each MailMarshal processing server (node)

  1. Stop the MailMarshal Engine service
  2. In the MailMarshal install directory, rename the file tar.exe to tar.exe.old
  3. Copy the file 7za.exe into the MailMarshal install directory

On the MailMarshal Array Manager server:

  1. Import the file tarupdate.reg to the registry by double clicking on it. Alternatively you can open a command prompt and enter:
    regedit –s tarupdate.reg
  2. Open the MailMarshal Configurator and commit the configuration
  3. Ensure that all nodes are marked "current"

On each processing server:

  1.  Re-start the MailMarshal Engine service

MailMarshal Exchange

  1. Save the archive file Marshal_Q11780_MMExchange.zip that is attached to this article.
  2. Unzip the archive to a temporary location. The archive includes two files:
    • 7za.exe (unpacking executable)
    • TarUpdateExchange.reg (registry edit file to direct MailMarshal Exchange to use the new executable)
  3. Stop the MailMarshal Exchange Engine service
  4. In the MailMarshal Exchange install directory, rename the file tar.exe to tar.exe.old
  5. Copy the file 7za.exe into the MailMarshal Exchange install directory
  6. Import the file TarUpdateExchange.reg to the registry by double clicking on it. Alternatively you can open a command prompt and enter:
    regedit –s TarUpdateExchange.reg
  7. Open the MailMarshal Exchange Configurator and commit the configuration
  8.  Re-start the MailMarshal Exchange Engine service

Notes:

  • For MailMarshal SMTP 5.5 or MailMarshal Exchange, if you have multiple servers, you must repeat the above steps on each server.


Rate this Article:
     

Attachments



Add Your Comments


Name: *
Email Address:
Web Address:
   
 
 
 
 
   
Verification Code:
*
 

Details
Article ID: 11780
Last Modified: 8/22/2008
Type: FIX
Rated 1 star based on 13 votes.
Article has been viewed 9,039 times.
Options

Execution: 0.016. 11 queries. Compression Disabled.
Powered by InstantKB.NET