CVE-2004-2504 (GCVE-0-2004-2504)
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
CWE
  • n/a
Summary
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2004-11/0385.htmlExploit
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.htmlExploit
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html
cve@mitre.orghttp://secunia.com/advisories/13225Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1012350Exploit
cve@mitre.orghttp://www.osvdb.org/12158
cve@mitre.orghttp://www.securityfocus.com/bid/11736
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18287
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13225Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1012350Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/12158
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11736
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18287
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mdaemon-gain-privileges(18287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"
          },
          {
            "name": "1012350",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1012350"
          },
          {
            "name": "13225",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13225"
          },
          {
            "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"
          },
          {
            "name": "12158",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/12158"
          },
          {
            "name": "11736",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11736"
          },
          {
            "name": "20041130 Re: Privilege escalation flaw in MDaemon 7.2.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"
          },
          {
            "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mdaemon-gain-privileges(18287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"
        },
        {
          "name": "1012350",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1012350"
        },
        {
          "name": "13225",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13225"
        },
        {
          "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"
        },
        {
          "name": "12158",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/12158"
        },
        {
          "name": "11736",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11736"
        },
        {
          "name": "20041130 Re: Privilege escalation flaw in MDaemon 7.2.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"
        },
        {
          "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mdaemon-gain-privileges(18287)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"
            },
            {
              "name": "1012350",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1012350"
            },
            {
              "name": "13225",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13225"
            },
            {
              "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"
            },
            {
              "name": "12158",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/12158"
            },
            {
              "name": "11736",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11736"
            },
            {
              "name": "20041130 Re: Privilege escalation flaw in MDaemon 7.2.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"
            },
            {
              "name": "20041129 Privilege escalation flaw in MDaemon 7.2.",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2504",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-25T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-2504\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"437D2888-340C-48AB-815E-C04E5DE44CAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46604A07-FBB0-4111-8B1C-2D01086BBB71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AD17AD0-27FE-49F5-A23D-2DE672D87C17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4141E02E-C2DA-42C0-ABAB-62AFE4F869AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AA5447-4879-41A7-8F92-CAB0C3CD5E6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:6.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9121D0-504E-444B-94C3-0E5C240376C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alt-n:mdaemon:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA25D7ED-BA8E-45E0-9399-B85499EF74D5\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13225\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1012350\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/12158\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11736\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1012350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/12158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.