Vulnerabilities > CVE-2006-4620 - Unspecified vulnerability in Alt-N Webadmin
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. Successful exploitation requires that the attacker is already a Domain administrator within the default domain of a MDaemon server. This vulnerability is addressed in the following product release: Alt-N, WebAdmin, 3.2.6
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBADMIN_326.NASL |
| description | The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin enables a domain administrator within the default domain to hijack the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22306 |
| published | 2006-09-05 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22306 |
| title | WebAdmin < 3.2.6 MDaemon Account Hijacking |
References
- http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
- http://secunia.com/advisories/21727
- http://securityreason.com/securityalert/1516
- http://www.osvdb.org/28548
- http://www.securityfocus.com/archive/1/445153/100/0/threaded
- http://www.teklow.com/advisories/TTG0602.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28776