PureMessage for Unix Vulnerability

  • Article ID: 119510
  • Updated: 05 Jul 2013

Vulnerability reported in PureMessage for Unix

As a security company, keeping our customers safe is our primary responsibility. Improving protection is of course key, as is ensuring the security of our products. We achieve this through rigorous and regular testing as well as welcoming findings from independent security advisers. 

The issues were reported on June 11, 2013 and were resolved with the 6.0.3 release of PureMessage for Unix on June 26, 2013. 

Am I protected?

You should upgrade PureMessage for Unix to version 6.0.3. Please see:


Details of vulnerabilities

Local File Disclosure
Vulnerability ID CVE-2006-3392
Description: Webmin before 1.290 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files.
Affected product(s): Sophos PureMessage for Unix version 6.0.2 and earlier
 Fixed in: PureMessage for Unix version 6.0.3
First reported to us: 11 June 2013 

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent