WebAdmin < 3.2.5 Multiple Vulnerabilities

high Nessus Plugin ID 22257

Synopsis

The remote web server contains a CGI application that is affected by multiple issues.

Description

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon.

According to its banner, the installed version of WebAdmin fails to properly filter directory traversal sequences from the 'file' parameter of the 'logfile_view.wdm' and 'configfile_view.wdm' scripts. A global administrator can leverage this issue to read and write to arbitrary files on the affected host, subject to the privileges of the web server user id, which in the case WebAdmin's internal web server is used, is LOCAL SYSTEM.

In addition, the affected application also reportedly allows a domain administrator to edit the account of a global administrator, which can be leveraged to login as the global administrator by changing his password.

Solution

Upgrade to WebAdmin 3.2.5 or later.

See Also

https://seclists.org/fulldisclosure/2006/Aug/523

http://lists.altn.com/[email protected]@.eeb9cff

Plugin Details

Severity: High

ID: 22257

File Name: webadmin_325.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 8/23/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/21/2006

Reference Information

CVE: CVE-2006-4370, CVE-2006-4371

BID: 19620, 19631