Intel InBusiness E-mail Station daynad Authentication Error

2000-01-02T00:00:00
ID OSVDB:6489
Type osvdb
Reporter Kit Knox(kit@connectnet.com)
Modified 2000-01-02T00:00:00

Description

Vulnerability Description

The Intel InBusiness E-mail Station contains a flaw in the "daynad" server daemon that may allow a user to issue unauthenticated commands. The issue is due do the program not containing sufficient authentication for the commands available through the service. It is possible that the flaw may allow user to read mail, remove files and modify the server configuration while unauthenticated resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The Intel InBusiness Email Station is no longer being developed or supported by Intel. It is possible to correct the flaw by implementing the following workaround: filter TCP port 244.

Short Description

The Intel InBusiness E-mail Station contains a flaw in the "daynad" server daemon that may allow a user to issue unauthenticated commands. The issue is due do the program not containing sufficient authentication for the commands available through the service. It is possible that the flaw may allow user to read mail, remove files and modify the server configuration while unauthenticated resulting in a loss of confidentiality and integrity.

References:

Vendor URL: http://support.intel.com/support/inbusiness/emailstation/ Vendor URL: http://support.intel.com/support/inbusiness/emailstation/index.htm Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-01/0036.html ISS X-Force ID: 3903 CVE-2000-0068