Published:2013/04/04  Last Updated:2013/04/04

Information from TransWARE Co.

Vulnerability ID:JVN#04288738
Title:Active! mail vulnerable to information disclosure
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

[The affected system]
Active! mail 6, all versions, on systems that are operated with shell privileges or the like granted to users other than the administrator.

[Detailed information]
On a server where Active! mail 6 is installed, when shell privileges or the like are granted to general Unix users other than the administrator, there is a problem in which a general user can, by intentional operation, attempt to steal another user's information.

[Influence assumed]
A Unix general user may try to steal another user's information.

[The measure method]
On a server where Active! mail 6 is installed, please do not grant shell privileges (Telnet, SSH, or other authority to execute arbitrary commands) or the like to general Unix users other than the administrator.
Please contact us if you need to operate with shell privileges granted to general Unix users.
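
The following is an added example, not part of the vendor's statement: one way to check the measure above on a Unix server by listing non-administrator accounts whose passwd entry still permits an interactive login. The function names, the administrator allowlist (`root,mailadmin`) and the sample entries are assumptions constructed for illustration; the check covers only the login shell field, not other ways of executing commands.

```shell
#!/bin/sh
# Added example: audit passwd-format input for accounts that can log in
# interactively, excluding an operator-supplied list of administrators.

# Usage: shell_accounts "root,mailadmin" < /etc/passwd
# Prints "name:shell" for every non-allowlisted account with a login shell.
shell_accounts() {
    awk -F: -v allow="$1" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) admin[a[i]] = 1
        }
        $0 == "" || $0 ~ /^#/ { next }   # skip blank lines and comments
        NF < 7 { next }                  # skip malformed entries
        ($1 in admin) { next }           # administrators are expected to have a shell
        {
            shell = $7
            # An empty shell field means the system default, which is a login shell.
            if (shell == "") shell = "/bin/sh (default)"
            # nologin and false refuse interactive sessions.
            if (shell ~ /\/(nologin|false)$/) next
            print $1 ":" shell
        }
    '
}

# Constructed sample entries (hypothetical accounts, not from a real server).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
mailadmin:x:1000:1000::/home/mailadmin:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/sbin/nologin
carol:x:1003:1003::/home/carol:
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
dave:x:1004:1004::/home/dave:/bin/false
EOF
}

# Demo run on the constructed sample; on a server, feed /etc/passwd instead.
sample_passwd | shell_accounts "root,mailadmin"
```

Any account this prints is a general user who can still obtain a shell; on a server running Active! mail 6 the expected result after applying the measure is no output.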