CVE-2004-2458 Information

Description

Open WebMail 2.30 and earlier when use_syshomedir is disabled or create_syshomedir is enabled creates new directories before authenticating which allows remote attackers to create arbitrary directories.

Reference

http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch http://secunia.com/advisories/11334 http://www.securityfocus.com/bid/10087 https://exchange.xforce.ibmcloud.com/vulnerabilities/15822