PT-2006-5176 · Alt N · Alt-N Webadmin+1

Ttg

Published

2006-08-26

Updated

2018-10-17

CVE-2006-4371

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Alt-N WebAdmin versions 3.2.3 through 3.2.4 MDaemon version 9.0.5

Description The issue allows remote authenticated global administrators to read arbitrary files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the file parameter to the following API endpoints: "logfile view.wdm" and "configfile view.wdm".

Recommendations For Alt-N WebAdmin versions 3.2.3 through 3.2.4, restrict access to the "logfile view.wdm" and "configfile view.wdm" API endpoints to minimize the risk of exploitation. For MDaemon version 9.0.5, consider disabling the file parameter in the affected API endpoints until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4371

Affected Products

Alt-N Webadmin

Mdaemon

PT-2006-5176 · Alt N · Alt-N Webadmin+1

CVE-2006-4371

Related Identifiers

Affected Products

References · 11