Contact Us 877.369.8686
Browse Search
Home : MailMarshal Vulnerability to TAR Directory Traversal Attacks
Q11780 - FIX: MailMarshal Vulnerability to TAR Directory Traversal Attacks

This article applies to:

  • MailMarshal SMTP
  • MailMarshal Exchange
  • MailMarshal SES

Symptoms:

  • MailMarshal vulnerable to Directory Traversal attacks when unpacking .TAR archives
  • An attacker could create a specially crafted file to overwrite important operating system files and cause the system to execute malicious code.

NOTE: MailMarshal SES is not affected by TAR Directory Traversal Attacks.

Resolution:

For MailMarshal SMTP, upgrade to the latest version.

  • This vunerability was first fixed in version 6.2.2.3503 (released 11 October 2007).
  • If you cannot upgrade immediately, you can use the workaround steps below.

For MailMarshal Exchange 5.x, upgrade to the latest version.

  • This vunerability was first fixed in version 5.2.5813 (released 8 August 2008).
  • If you cannot upgrade immediately, you can use the workaround steps below.

Workaround:

A workaround is available for the following product versions:

  • MailMarshal SMTP 5.5
  • MailMarshal SMTP 6.x
  • MailMarshal SMTP 2006
  • MailMarshal Exchange 5.x

The steps for implementing the workaround are as follows:

MailMarshal SMTP

Note: If your MailMarshal installation is on a single server (including MailMarshal SMTP 5.5 or 6.x/2006), perform all the steps, in order, on that server.

  1. Save the archive file Marshal_Q11780.zip that is attached to this article.
  2. Unzip the archive to a temporary location. The archive includes two files:
    • 7za.exe (unpacking executable)
    • TarUpdate.reg (registry edit file to direct MailMarshal to use the new executable)

On each MailMarshal processing server (node)

  1. Stop the MailMarshal Engine service
  2. In the MailMarshal install directory, rename the file tar.exe to tar.exe.old
  3. Copy the file 7za.exe into the MailMarshal install directory

On the MailMarshal Array Manager server:

  1. Import the file tarupdate.reg to the registry by double clicking on it. Alternatively you can open a command prompt and enter:
    regedit –s tarupdate.reg
  2. Open the MailMarshal Configurator and commit the configuration
  3. Ensure that all nodes are marked "current"

On each processing server:

  1.  Re-start the MailMarshal Engine service

MailMarshal Exchange

  1. Save the archive file Marshal_Q11780_MMExchange.zip that is attached to this article.
  2. Unzip the archive to a temporary location. The archive includes two files:
    • 7za.exe (unpacking executable)
    • TarUpdateExchange.reg (registry edit file to direct MailMarshal Exchange to use the new executable)
  3. Stop the MailMarshal Exchange Engine service
  4. In the MailMarshal Exchange install directory, rename the file tar.exe to tar.exe.old
  5. Copy the file 7za.exe into the MailMarshal Exchange install directory
  6. Import the file TarUpdateExchange.reg to the registry by double clicking on it. Alternatively you can open a command prompt and enter:
    regedit –s TarUpdateExchange.reg
  7. Open the MailMarshal Exchange Configurator and commit the configuration
  8.  Re-start the MailMarshal Exchange Engine service

Notes:

  • For MailMarshal SMTP 5.5 or MailMarshal Exchange, if you have multiple servers, you must repeat the above steps on each server.
Related Articles
No Related Articles Available.

Article Attachments
Marshal_Q11780_MMExchange.zip
Marshal_Q11780.zip

Related External Links
No Related Links Available.
Help us improve this article...
What did you think of this article?

poor 		 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 excellent
Tell us why you rated the content this way. (optional)
 
Approved Comments...
No user comments available for this article.
Created on 8/30/2007.
Last Modified on 8/22/2008.
Article has been viewed 8363 times.
Rated 2 out of 10 based on 13 votes.
Print Article
Email Article
Highlight  Turn On Turn Off