Date: Wed, 20 Feb 2013 15:04:04 +0200
From: demetris papapetrou <demetrispapapetrou@...il.com>
To: bugtraq@...urityfocus.com
Subject: Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability

==================================================================
Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability
==================================================================

Software: Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: Remote Code Execution
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
References: http://www.qsecure.com.cy/advisories/Alt-N_MDaemon_WebAdmin_Remote_Code_Execution.html
Discovered: 01/10/2012
Reported: 19/12/2012
Fixed: 15/01/2013 (http://files.altn.com/MDaemon/Release/RelNotes_en.html)
Disclosed: 18/02/2013

VULNERABILITY DESCRIPTION:
==========================

The Alt-N WebAdmin application is prone to a remote code execution vulnerability via its user account import facility. An attacker holding a compromised ordinary (non-admin) user account can use the import facility to create new accounts, or modify existing ones, in a way that turns on the autoresponder's "program processing" functionality and causes it to execute arbitrary commands on the underlying operating system.

Furthermore, through the same import facility an ordinary user can change the password of any other user or administrator account within MDaemon and read that account's email. A side-effect of this procedure is that any administrator account modified in this way is downgraded to an ordinary user account.

Alt-N MDaemon v13.0.3 and v12.5.6 were tested and found vulnerable; other versions may also be affected.
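The flaw pattern the advisory describes, modelled as an added illustration (this is not Alt-N's code; MDaemon's real import format, WebAdmin handlers and the vendor's fix are not on this page and are not reproduced here): a bulk account-import handler that any logged-in user may call and that rewrites whole account records from caller-supplied rows, beside a hardened version that requires an administrator, merges rather than replaces records, and refuses to enable command execution through the import path. The account fields, the role model, the `autoresponder_program` attribute and the sample data are all assumptions chosen to mirror the behaviour described above.

```python
# Toy model of the account-import flaw described above. Added illustration,
# not MDaemon code; field names, roles and the fix are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    email: str
    password: str
    is_admin: bool = False
    # When set, the autoresponder runs this command for each incoming message
    # ("program processing"), so whoever can set it gets command execution.
    autoresponder_program: Optional[str] = None


class NotAuthorized(Exception):
    pass


def make_store() -> Dict[str, Account]:
    """Constructed sample data: one administrator and one ordinary user."""
    return {
        "admin@example.test": Account("admin@example.test", "s3cret-admin", is_admin=True),
        "mallory@example.test": Account("mallory@example.test", "mallory-pw"),
    }


def import_accounts_vulnerable(store: Dict[str, Account], caller: str,
                               rows: List[dict]) -> Dict[str, Account]:
    """Vulnerable pattern: any logged-in user may import, and each row
    replaces the target account wholesale, whoever owns it."""
    if caller not in store:
        raise NotAuthorized("login required")
    for row in rows:
        # The row schema carries no admin flag, so an existing administrator
        # is rewritten as an ordinary user: the downgrade side-effect noted above.
        store[row["email"]] = Account(
            email=row["email"],
            password=row["password"],
            autoresponder_program=row.get("autoresponder_program"),
        )
    return store


def import_accounts_hardened(store: Dict[str, Account], caller: str,
                             rows: List[dict]) -> Dict[str, Account]:
    """Hardened pattern (assumed fix, not the vendor's): admin-only, rows merge
    into existing records, and the import path can never enable program processing."""
    if caller not in store or not store[caller].is_admin:
        raise NotAuthorized("account import is an administrative function")
    for row in rows:
        if "autoresponder_program" in row:
            # Command execution must be configured explicitly per account by an
            # administrator, never via bulk import of caller-supplied rows.
            raise ValueError("import rows may not set autoresponder_program")
        existing = store.get(row["email"])
        if existing is None:
            store[row["email"]] = Account(row["email"], row["password"])
        else:
            # Update only what the row carries; the role and other settings survive.
            existing.password = row["password"]
    return store


def demo_attack() -> Account:
    """Ordinary user Mallory takes over the admin account and plants a command."""
    store = make_store()
    rows = [{"email": "admin@example.test", "password": "owned-by-mallory",
             "autoresponder_program": "cmd.exe /c whoami"}]  # constructed payload
    import_accounts_vulnerable(store, "mallory@example.test", rows)
    return store["admin@example.test"]


def demo_hardened_rejects_mallory() -> bool:
    """Same attempt against the hardened import: refused before any record changes."""
    store = make_store()
    rows = [{"email": "admin@example.test", "password": "owned-by-mallory"}]
    try:
        import_accounts_hardened(store, "mallory@example.test", rows)
    except NotAuthorized:
        return store["admin@example.test"].password == "s3cret-admin"
    return False


def demo_hardened_admin_import() -> Account:
    """A legitimate admin import rotates a password without dropping the admin role."""
    store = make_store()
    import_accounts_hardened(store, "admin@example.test",
                             [{"email": "admin@example.test", "password": "rotated"}])
    return store["admin@example.test"]


if __name__ == "__main__":
    print("vulnerable import:", demo_attack())
    print("hardened refuses Mallory:", demo_hardened_rejects_mallory())
    print("hardened admin import:", demo_hardened_admin_import())
```

The two checks that matter when reviewing any such bulk-import feature are visible in the hardened variant: the caller's role is checked before any row is processed, and the row is treated as a partial update to an existing record rather than as a replacement, so an import can neither silently strip an administrator's role nor switch on a command-execution option as a by-product of a password change.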