Privilege Escalation in Alt-N WebAdmin for MDaemon by Domain Administrators
CVE-2006-4620

Currently unrated

Key Information:

Vendor

Alt-n

Status
Webadmin
Vendor
CVE Published:
7 September 2006

What is CVE-2006-4620?

The 'useredit_account.wdm' module in Alt-N WebAdmin versions using MDaemon allows a remote authenticated domain administrator to modify user account settings, enabling unauthorized access to the system mail queue. By altering the mailbox settings of a MDaemon user account to a different account's mailbox, the attacker can escalate privileges and manipulate email data, posing significant security risks to the mail server.

References

http://www.securityfocus.com/archive/1/445153/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.osvdb.org/28548
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/21727
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.