Detections
Analytics

WebAdmin < 3.2.6 MDaemon Account Hijacking

medium Nessus Plugin ID 22306

Language:

Synopsis

The remote web server contains a CGI application that is affected by a privilege escalation issue.

Description

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon.

According to its banner, the installed version of WebAdmin enables a domain administrator within the default domain to hijack the 'MDaemon' account used by MDaemon when processing remote server and mailing list commands.

Solution

Upgrade to WebAdmin version 3.2.6 or later.

See Also

https://seclists.org/fulldisclosure/2006/Sep/38

https://seclists.org/bugtraq/2006/Sep/30

Plugin Details

Severity: Medium

ID: 22306

File Name: webadmin_326.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 9/5/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/4/2006

Reference Information

CVE: CVE-2006-4620

BID: 19841