Back to search
CVE-2006-5968
Published: Nov 17, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://secunia.com/secunia_research/2006-67/advisory/
x_refsource_MISC
ADV-2006-4538
vdb-entry
x_refsource_VUPEN
20061116 Secunia Research: MDaemon Insecure Default Directory Permissions
mailing-list
x_refsource_BUGTRAQ
21554
third-party-advisory
x_refsource_SECUNIA
mdaemon-folder-privilege-escalation(30331)
vdb-entry
x_refsource_XF
1890
third-party-advisory
x_refsource_SREASON
1017238
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now