Message-ID: <41AC1F66.2010304@secnetops.com>
Date: Tue, 30 Nov 2004 02:21:10 -0500
From: kf_lists <kf_lists@...netops.com>
To: bugtraq@...urityfocus.com
Subject: Re: Privilege escalation flaw in MDaemon 7.2.


When I tested things it was on MDaemon 6.8

Excuse me... they did respond and it was LESS than a year ago. =]. Here 
is how it went:
------------------------------------------------------
02/03/2004 11:10 AM

Hello!

I have sent this on to the developers.

However, the issue you describe would require a user to have a valid
login and physical access to the machine.  With both of those, they can
login to the server and access the MDaemon GUI, which can also be
further secured with a password.  I'm not dismissing your submission,
just providing feedback.

If you have any questions, please let us know.  Thanks!

-- Billy Pinson Customer Service Lead Alt-N Technologies, Ltd.

-------------------------------------------------
02/04/2004 06:33 PM

Thanks much... any time estimate on the fix? It sounds as if it may have 
a low priority since its being added to a list.

-KF

Alt-N Sales - Billy Pinson wrote:

> One thing the developers have suggested in the mean time is to change
> the service so that it can not interact with the desktop, this would
> prevent the GUI from showing up.
>
> If you need GUI access simply run the MDaemon ghost option.  This will
> launch the GUI under the users account, rather than the system account.
>
> They have placed this on their list of things to be fixed.
>
-------------------------------------------------
03/18/2004 10:11 PM
Alt-N Sales - Lina Daaboul wrote:

> Hello,
>
> We do not have an estimated time at this time. If you have any 
> questions, please let us know.  Thanks!
>
-KF

Powered by blists - more mailing lists