Lucene search

[email protected]CVE-2006-5968

HistoryNov 17, 2006 - 10:07 p.m.

CVE-2006-5968

2006-11-1722:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5968

mdaemon

insecure permissions

arbitrary code execution

rasapi32.dll

mprapi.dll

nvd

vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.

Affected configurations

NVD

Node

alt-nmdaemonMatch9.0.5

alt-nmdaemonMatch9.0.6

alt-nmdaemonMatch9.51

alt-nmdaemonMatch9.53

CPENameOperatorVersion
alt-n:mdaemonalt-n mdaemoneq9.0.5
alt-n:mdaemonalt-n mdaemoneq9.0.6
alt-n:mdaemonalt-n mdaemoneq9.51
alt-n:mdaemonalt-n mdaemoneq9.53

CPE	Name	Operator	Version
alt-n:mdaemon	alt-n mdaemon	eq	9.0.5
alt-n:mdaemon	alt-n mdaemon	eq	9.0.6
alt-n:mdaemon	alt-n mdaemon	eq	9.51
alt-n:mdaemon	alt-n mdaemon	eq	9.53

References

secunia.com/advisories/21554

secunia.com/secunia_research/2006-67/advisory/

securityreason.com/securityalert/1890

securitytracker.com/id?1017238

www.securityfocus.com/archive/1/451821/100/100/threaded

www.vupen.com/english/advisories/2006/4538

exchange.xforce.ibmcloud.com/vulnerabilities/30331

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2006-5968

cvelist1 nvd1