|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 1890 CVE : CVE-2006-5968 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Exploit Given : No Credit : Secunia Research (remove-vuln secunia com) Published : 22.11.2006
Advisory Text : ====================================================================== Secunia Research 16/11/2006 - MDaemon Insecure Default Directory Permissions - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * MDaemon 9.0.5, 9.0.6, 9.51, and 9.53. NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Less critical Impact: Privilege Escalation Where: Local system ====================================================================== 3) Vendor's Description of Software "Now featuring spam traps, custom scheduling, email queuing, and a host of other new features and enhancements. MDaemon email server for Windows is the best choice for managing your organization's messaging and collaboration infrastructure.". Product Link: http://www.altn.com/Products/Default.asp?product_id=MDaemon ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a security issue in MDaemon, which can be exploited by malicious, local users to gain escalated privileges. The problem is caused due to the application by default being installed in the "MDaemon" folder in the system root with insecure permissions (granting members of the "Users" group permissions to create files and directories). This can be exploited by e.g. placing a malicious RASAPI32.DLL or MPRAPI.DLL library in the "MDaemonAPP" directory. Successful exploitation allows execution of arbitrary code with SYSTEM privileges. NOTE: This is a general problem for the majority of Windows applications when installed outside the "Program Files" folder due to the way libraries are located. Also, fans of "Colossal Cave Adventure" should try sending the commands: "XYZZ" and "PLUG" to the POP3 service or "XYZZY" and "PLUGH" to the ODMR service (port 366/TCP). ====================================================================== 5) Solution Set secure permissions on the directory or install in the "Program Files" folder (according to the vendor, this should not have an impact on the functionality of the application). ====================================================================== 6) Time Table 29/08/2006 - Vendor notified. 31/08/2006 - Vendor response. 24/10/2006 - Vendor issues version 9.5.0, which does not address the security issue correctly (just checks for the presence of RASAPI32.DLL in the application folder). 26/10/2006 - Vendor contacted again. 31/10/2006 - Vendor response. 16/11/2006 - Public disclosure. ====================================================================== 7) Credits Discovered by Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has not currently assigned a CVE identifier for the security issue. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://corporate.secunia.com/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://corporate.secunia.com/secunia_research/33/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/secunia_vacancies/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/secunia_security_advisories/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2006-67/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |