CVE-2006-4258 Information

Description

Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter) (2) UNC and possibly other types of paths in the file parameter.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048853.html http://secunia.com/advisories/21523 http://www.securityfocus.com/bid/19545 http://www.vupen.com/english/advisories/2006/3289 https://exchange.xforce.ibmcloud.com/vulnerabilities/28392 assp-getfile-url-file-access(28392)