CVE-2006-4620

Name of the Vulnerable Software and Affected Versions Alt-N WebAdmin versions 3.2.5 and possibly earlier versions MDaemon versions 9.0.6 and possibly earlier versions

Description The issue allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue. This is achieved by modifying the mailbox of the MDaemon user account to use the mailbox of another account through the useredit account.wdm module in Alt-N WebAdmin.

Recommendations For Alt-N WebAdmin version 3.2.5, restrict access to the useredit account.wdm module to prevent unauthorized modifications to the MDaemon user account mailbox. For MDaemon version 9.0.6, limit privileges for domain administrators to prevent them from accessing the system mail queue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.