MDaemon Content Filter Traversal Arbitrary File Write

High Nessus Plugin ID 19310


The remote mail server is prone to directory traversal attacks.


According to its banner, the version of MDaemon on the remote host is prone to a directory traversal flaw that can be exploited to overwrite files outside the application's quarantine directory provided MDaemon's attachment quarantine feature is enabled.


Upgrade to MDaemon version 8.1.0 or later.

See Also

Plugin Details

Severity: High

ID: 19310

File Name: mdaemon_quarantine_dir_traversal.nasl

Version: $Revision: 1.13 $

Type: remote

Agent: windows

Family: Windows

Published: 2005/07/27

Modified: 2017/06/06

Dependencies: 66633

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/07/26

Reference Information

BID: 14400

OSVDB: 18348

Secunia: 16173