Vulnerabilities > CVE-2005-0386 - Unspecified vulnerability in Mailreader.Com
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
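Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier [sic] allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. The version wording above is garbled as published; for triage, the Nessus checks listed below flag upstream banners through 2.3.35 (recommending 2.3.36 or later) and give 2.3.29-5woody2 as the fixed Debian woody package.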
Vulnerable Configurations
Nessus
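# Listing metadata (from the plugin index entry):
#   NASL family : CGI abuses : XSS
#   NASL id     : MAILREADER_HTML_INJECTION.NASL
#   description : According to its banner, the version of Mailreader installed
#                 on the remote host is affected by a remote HTML injection
#                 vulnerability due to its failure to properly sanitize
#                 messages using a [truncated in the listing]
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 17661
#   published   : 2005-03-30
#   reporter    : This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/17661
#   title       : Mailreader network.cgi enriched/richtext MIME Message XSS
#
# (C) Tenable Network Security, Inc.
#
# Remote, banner-based check for CVE-2005-0386. It requests nph-mr.cgi from
# each CGI directory and compares the version string in the response body
# against a pattern covering releases older than 2.3.36. No message is sent
# and no payload is injected; the result depends only on the advertised
# version.
#
# NOTE(review): because detection is banner-only, a distribution package that
# backports the fix without changing the upstream version shown in the banner
# (the Debian fix listed on this page is 2.3.29-5woody2) would presumably
# still match. Confirm such findings with a package-level check.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares
# its metadata and exits without touching the target.
if (description)
{
  script_id(17661);
  script_version("1.16");

  script_cve_id("CVE-2005-0386");
  script_bugtraq_id(12945);
  script_xref(name:"DSA", value:"700");

  script_name(english:"Mailreader network.cgi enriched/richtext MIME Message XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a CGI script that is vulnerable to a cross- site scripting attack." );
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Mailreader installed on the remote host is affected by a remote HTML injection vulnerability due to its failure to properly sanitize messages using a 'text/enriched' or 'text/richtext' MIME type. An attacker can exploit this flaw by sending a specially crafted message to a user who reads his mail with Mailreader. Then, when the user reads that message, malicious HTML or script code embedded in the message will be run by the user's browser in the context of the remote host, enabling the attacker to steal authentication cookies as well as perform other attacks." );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mailreader 2.3.36 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/30");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/03/30");
  script_cvs_date("Date: 2018/07/14 1:59:35");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  summary["english"] = "Checks for remote HTML injection vulnerability in Mailreader";
  script_summary(english:summary["english"]);

  # ACT_GATHER_INFO: the check is registered as information gathering.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  # Skipped when the scan policy has CGI scanning disabled.
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

# Search for Mailreader.
foreach dir (cgi_dirs())
{
  # Run the main script.
  r = http_send_recv3(method: "GET", item:string(dir, "/nph-mr.cgi"), port:port);
  # A null response ends the whole check, not just this directory.
  if (isnull(r)) exit(0);

  # Check the version number in the response body (r[2]). The alternatives
  # cover, in order: 0.x and 1.x; 2.0.x through 2.2.x; 2.3.0x/2.3.1x/2.3.2x;
  # 2.3.30 through 2.3.35; and single-digit patch levels 2.3.3 through 2.3.9.
  # The last alternative ([3-9] directly followed by the trailing space) was
  # added in review: the previous pattern matched no 2.3.N with N in 3..9, so
  # such banners, if they exist, were silently reported as not affected.
  # 2.3.36 and later still do not match.
  if (egrep(pattern:">Mailreader.com v([01]\..*|2\.([012]\..*|3\.([012].*|3[0-5]|[3-9]))) ", string: r[2]))
  {
    security_warning(port);
    # Record the finding in the knowledge base under the port's XSS key.
    set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
    exit(0);
  }
}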
# Listing metadata (from the plugin index entry):
#   NASL family : Debian Local Security Checks
#   NASL id     : DEBIAN_DSA-700.NASL
#   description : Ulf Harnhammar from the Debian Security Audit Project
#                 discovered a cross-site scripting problem in mailreader, a
#                 simple, but powerful WWW mail reader system, when displaying
#                 messages of the MIME types text/enriched or text/richtext.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 17657
#   published   : 2005-03-30
#   reporter    : This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/17657
#   title       : Debian DSA-700-1 : mailreader - missing input sanitising
#
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-700. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Local (package-level) check for CVE-2005-0386 on Debian. It reads the
# package data already collected in the knowledge base and compares the
# installed mailreader package with the fixed version from DSA-700. It makes
# no request to the web application, so it is not affected by what the
# Mailreader banner reports.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares
# its metadata and exits.
if (description)
{
  script_id(17657);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2005-0386");
  script_xref(name:"DSA", value:"700");

  script_name(english:"Debian DSA-700-1 : mailreader - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Ulf Harnhammar from the Debian Security Audit Project discovered a cross-site scripting problem in mailreader, a simple, but powerful WWW mail reader system, when displaying messages of the MIME types text/enriched or text/richtext."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-700"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the mailreader package. For the stable distribution (woody) this problem has been fixed in version 2.3.29-5woody2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mailreader");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The dpkg listing is expected in the knowledge base before this runs;
  # presumably ssh_get_info.nasl is what populates it (not visible here).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: each missing knowledge-base item ends the check with a
# specific audit message instead of a vulnerable / not-vulnerable verdict.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
# Only Debian release 3.0 is checked, against reference 2.3.29-5woody2.
# Presumably deb_check() returns true when the installed mailreader package is
# older than the reference; its implementation is in debian_package.inc and
# is not shown on this page.
if (deb_check(release:"3.0", prefix:"mailreader", reference:"2.3.29-5woody2")) flag++;

if (flag)
{
  # With verbose reporting, attach the package report from deb_report_get().
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");