Insecure Permissions in MDaemon Application Allow Code Execution Risk
CVE-2006-5968

Currently unrated

Key Information:

Vendor: Alt-n
Status: Mdaemon
Vendor: CVE Published:; 17 November 2006

What is CVE-2006-5968?

MDaemon Email Server versions 9.0.5, 9.0.6, 9.51, and 9.53 have been found to install with insecure permissions on the application folder. This misconfiguration permits local users to create and modify files in the application directory, enabling them to introduce malicious DLL files, such as RASAPI32.DLL or MPRAPI.DLL. These files can be executed by the server due to an untrusted search path, leading to potential arbitrary code execution within the system.

References

http://secunia.com/secunia_research/2006-67/advisory/

x_refsource_MISC

http://www.vupen.com/english/advisories/2006/4538

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/451821/100/100/thr...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Nov 17, 2006
Vulnerability Reserved
Nov 17, 2006

Alt-n

What is CVE-2006-5968?

References

Timeline