1. CVE-Search
  2. CVE-2006-4620
ID CVE-2006-4620
Summary The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. Successful exploitation requires that the attacker is already a Domain administrator within the default domain of a MDaemon server. This vulnerability is addressed in the following product release: Alt-N, WebAdmin, 3.2.6
References
Vulnerable Configurations
  • cpe:2.3:a:alt-n:webadmin:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:webadmin:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:alt-n:webadmin:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:webadmin:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:alt-n:webadmin:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:webadmin:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:alt-n:webadmin:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:webadmin:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:alt-n:webadmin:*:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:webadmin:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:S/C:P/I:P/A:P
refmap via4
bugtraq 20060904 TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking
confirm http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
misc http://www.teklow.com/advisories/TTG0602.txt
osvdb 28548
secunia 21727
sreason 1516
xf webadmin-mdaemon-privilege-escalation(28776)
Last major update 17-10-2018 - 21:38
Published 07-09-2006 - 00:04
Last modified 17-10-2018 - 21:38
Back to Top