|
|
Family: CGI abuses --> Category: infos
WebAdmin < 3.2.6 MDaemon Account Hijacking Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version of WebAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI application that is affected by a
privilege escalation issue.
Description :
The remote host is running WebAdmin, a web-based remote administration
tool for Alt-N MDaemon.
According to its banner, the installed version of WebAdmin enables a
domain administrator within the default domain to hijack the 'MDaemon'
account used by MDaemon when processing remote server and mailing list
commands.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049247.html
http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
Solution :
Upgrade to WebAdmin version 3.2.6 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:P/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
