Vulnerabilities > CVE-2004-2504 - Local Privilege Escalation vulnerability in Alt-N MDaemon

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

alt-n

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Alt-N ALT N Mdaemon 6.8.0 ALT N Mdaemon 6.8.1 ALT N Mdaemon 6.8.2 ALT N Mdaemon 6.8.3 ALT N Mdaemon 6.8.4 ALT N Mdaemon 6.8.5 ALT N Mdaemon 7.2	7

Nessus

NASL family	SMTP problems
NASL id	MDAEMON_LOCAL_PRIVILEGES.NASL
description	It is reported that versions of MDaemon up to and including 7.2.0 are affected by a local privilege escalation vulnerability. An local attacker may increase his privilege and execute code with SYSTEM privileges.
last seen	2020-06-01
modified	2020-06-02
plugin id	15823
published	2004-11-24
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15823
title	MDaemon File Creation Local Privilege Escalation
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15823); script_version("1.18"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2004-2504"); script_bugtraq_id(11736); script_name(english:"MDaemon File Creation Local Privilege Escalation"); script_summary(english:"Checks the remote version of Mdaemon"); script_set_attribute(attribute:"synopsis", value: "The remote mail server is prone to a local privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "It is reported that versions of MDaemon up to and including 7.2.0 are affected by a local privilege escalation vulnerability. An local attacker may increase his privilege and execute code with SYSTEM privileges."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/1367"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/1392"); script_set_attribute(attribute:"solution", value:"Upgrade to MDaemon 7.2.1 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/24"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:alt-n:mdaemon"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"SMTP problems"); script_dependencies("mdaemon_detect.nasl"); script_require_keys("mdaemon/installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); port = get_kb_item_or_exit("mdaemon/port"); version = get_kb_item_or_exit("mdaemon/"+port+"/version"); source = get_kb_item_or_exit("mdaemon/"+port+"/source"); fix = "7.2.1"; if (version =~ "^([0-6]\.\|(7\.[01]\|7\.2\.0)($\|[^0-9]))") { if (report_verbosity > 0) { report = '\n' + '\n Source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "MDaemon", port, version);

Summary

Vulnerable Configurations

Nessus

References