WebAdmin useredit_account.wdm Module MDaemon Account Access

2006-09-04T07:49:09
ID OSVDB:28548
Type osvdb
Reporter TTG(releases@teklow.com)
Modified 2006-09-04T07:49:09

Description

Vulnerability Description

MDaemon contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the 'useredit_account.wdm' module not properly protecting access to the details of the MDaemon account, which will disclose MDaemon account information resulting in a loss of confidentiality.

Technical Description

Successful exploitation requires the privileges of a domain administrator within the default domain of a MDaemon server.

Solution Description

Upgrade to version 3.2.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

MDaemon contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the 'useredit_account.wdm' module not properly protecting access to the details of the MDaemon account, which will disclose MDaemon account information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.altn.com/ Secunia Advisory ID:21727 Other Advisory URL: http://www.teklow.com/advisories/TTG0602.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0030.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0043.html CVE-2006-4620