MDaemon Content Filter Traversal Arbitrary File Write

high Nessus Plugin ID 19310

Synopsis

The remote mail server is prone to directory traversal attacks.

Description

According to its banner, the version of MDaemon on the remote host is prone to a directory traversal flaw that can be exploited to overwrite files outside the application's quarantine directory provided MDaemon's attachment quarantine feature is enabled.

Solution

Upgrade to MDaemon version 8.1.0 or later.

See Also

http://files.altn.com/MDaemon/Release/RelNotes_en.html

Plugin Details

Severity: High

ID: 19310

File Name: mdaemon_quarantine_dir_traversal.nasl

Version: 1.16

Type: remote

Agent: windows

Family: Windows

Published: 7/27/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/26/2005

Reference Information

BID: 14400

SECUNIA: 16173