Vulnerabilities > CVE-2004-2504 - Local Privilege Escalation vulnerability in Alt-N MDaemon

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
alt-n
nessus

Summary

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.

Nessus

NASL familySMTP problems
NASL idMDAEMON_LOCAL_PRIVILEGES.NASL
descriptionIt is reported that versions of MDaemon up to and including 7.2.0 are affected by a local privilege escalation vulnerability. An local attacker may increase his privilege and execute code with SYSTEM privileges.
last seen2020-06-01
modified2020-06-02
plugin id15823
published2004-11-24
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15823
titleMDaemon File Creation Local Privilege Escalation
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15823);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2004-2504");
  script_bugtraq_id(11736);

  script_name(english:"MDaemon File Creation Local Privilege Escalation");
  script_summary(english:"Checks the remote version of Mdaemon");

  script_set_attribute(attribute:"synopsis", value:
"The remote mail server is prone to a local privilege escalation
vulnerability.");
  script_set_attribute(attribute:"description", value:
"It is reported that versions of MDaemon up to and including 7.2.0 are
affected by a local privilege escalation vulnerability. 

An local attacker may increase his privilege and execute code with
SYSTEM privileges.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/1367");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/1392");
  script_set_attribute(attribute:"solution", value:"Upgrade to MDaemon 7.2.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:alt-n:mdaemon");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"SMTP problems");

  script_dependencies("mdaemon_detect.nasl");
  script_require_keys("mdaemon/installed");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

port = get_kb_item_or_exit("mdaemon/port");

version = get_kb_item_or_exit("mdaemon/"+port+"/version");
source = get_kb_item_or_exit("mdaemon/"+port+"/source");

fix = "7.2.1";
if (version =~ "^([0-6]\.|(7\.[01]|7\.2\.0)($|[^0-9]))")
{
  if (report_verbosity > 0)
  {
    report =
    '\n' +
    '\n  Source            : ' + source +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "MDaemon", port, version);