Vulnerabilities > CVE-2006-5968 - Local Security vulnerability in Mdaemon

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

alt-n

NVD

Published: 2006-11-17

Updated: 2018-10-17

Summary

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.

Vulnerable Configurations

Part	Description	Count
Application	Alt-N ALT N Mdaemon 9.0.5 ALT N Mdaemon 9.0.6 ALT N Mdaemon 9.51 ALT N Mdaemon 9.53	4

References

http://secunia.com/advisories/21554
http://secunia.com/secunia_research/2006-67/advisory/
http://securityreason.com/securityalert/1890
http://securitytracker.com/id?1017238
http://www.securityfocus.com/archive/1/451821/100/100/threaded
http://www.vupen.com/english/advisories/2006/4538
https://exchange.xforce.ibmcloud.com/vulnerabilities/30331