Inquiry

Important Information

Directory traversal vulnerability in Denbun IMAP and POP version.

Phenomenon

A malicious third party may be allowed to use this vulnerability in order to retrieve arbitrary files from Denbun server.

* The malicious third party needs to get to know URL of a Denbun server.

Affected Products and Versions

Denbun IMAP Version - All Versions
Denbun POP Version - All Versions

Workaround

Please consider to apply the security patch to deal with this phenomenon. Since the security patch is common to all the versions, you can apply it regardless of the version you are using.

* If you have not upgraded your Denbun from a previous version, but have newly installed Denbun IMAP Version V3.0I R1.0 or higher, or Denbun POP Version V3.0P R1.0 or higher, you don't have to apply the patch.

Scheduled Date of Releasing Patch

The security patches to deal with this phenomenon will be released on December 27, 2011 at download sites for update modules.

Download Sites
Denbun IMAP http://denbun.com/en/imap/download/update.html
->Security Update (12/27/11) patche module download here.