Vulnerability Description
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alt-N | Mdaemon | 9.0.5 |
References
- http://secunia.com/advisories/21554
- http://secunia.com/secunia_research/2006-67/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1890
- http://securitytracker.com/id?1017238
- http://www.securityfocus.com/archive/1/451821/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30331
- http://secunia.com/advisories/21554
- http://secunia.com/secunia_research/2006-67/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1890
- http://securitytracker.com/id?1017238
- http://www.securityfocus.com/archive/1/451821/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30331
FAQ
What is CVE-2006-5968?
CVE-2006-5968 is a vulnerability with a CVSS score of 4.6 (MEDIUM). MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execu...
How severe is CVE-2006-5968?
CVE-2006-5968 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5968?
Check the references section above for vendor advisories and patch information. Affected products include: Alt-N Mdaemon.