Details of VAR-200404-0109

ID

VAR-200404-0109

TITLE

Floosietek FTGate Mail Server Path Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2004-1012 // BID: 10059

DESCRIPTION

FloosieTek FTGatePro Mail Server is a versatile mail server that includes anti-virus integration, anti-spam, NAT SAM integration and more. The FTGate mail server does not properly handle some of the illegal parameter data. The remote attacker can use this vulnerability to obtain sensitive server path information. Providing illegal data to the 'id' parameter of message.fts can result in a physical path back to the server. This information can be used to help the attacker further attack the system. This issue is due to an ill conceived error message that includes the server path

Trust: 0.81

sources: CNVD: CNVD-2004-1012 // BID: 10059

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2004-1012

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	floosietek	model:	ftgatepro	scope:	eq	version:	1.2(1331)	Trust: 0.3
vendor:	floosietek	model:	ftgatepro	scope:	eq	version:	1.2	Trust: 0.3
vendor:	floosietek	model:	ftgateoffice	scope:	eq	version:	1.2	Trust: 0.3

sources: CNVD: CNVD-2004-1012 // BID: 10059

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2004-1012
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2004-1012
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2004-1012

THREAT TYPE

network

Trust: 0.3

sources: BID: 10059

TYPE

Design Error

Trust: 0.3

sources: BID: 10059

EXTERNAL IDS

db:	BID	id:	10059	Trust: 0.9
db:	CNVD	id:	CNVD-2004-1012	Trust: 0.6

sources: CNVD: CNVD-2004-1012 // BID: 10059

REFERENCES

url:	http://members.lycos.co.uk/r34ct/main/ftgateofficeftgatepro%20v1.2.txt	Trust: 0.9
url:	http://www.ftgate.com	Trust: 0.3
url:	http://www.floosietek.com/content/57.htm	Trust: 0.3

sources: CNVD: CNVD-2004-1012 // BID: 10059

CREDITS

Disclosure of this issue is credited to dr_insane@pathfinder.gr>.

Trust: 0.3

sources: BID: 10059

SOURCES

db:	CNVD	id:	CNVD-2004-1012
db:	BID	id:	10059

LAST UPDATE DATE

2022-05-17T02:12:10.241000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2004-1012	date:	2014-01-22T00:00:00
db:	BID	id:	10059	date:	2004-04-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2004-1012	date:	2004-04-06T00:00:00
db:	BID	id:	10059	date:	2004-04-06T00:00:00