VID | 21957 |
Severity | 30 |
Port | 1000 |
Protocol | TCP |
Class | CGI |
Detailed Description |
According to its version number, the Alt-N WebAdmin on the remote Web server is a version prior to 3.2.5, which has multiple vulnerabilities. Alt-N WebAdmin is a web-based remote administration tool for the Alt-N MDaemon mail server on Microsoft Windows operating systems. WebAdmin versions prior to 3.2.5 could allow remote authenticated domain administrators to traverse directories and view the contents of arbitrary files, because user-supplied input passed to the 'file' parameter of the 'logfile_view.wdm' and 'configfile_view.wdm' scripts is improperly filtered. In addition, the affected application could allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
* Note: This check relies solely on the version number of WebAdmin on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  http://lists.altn.com/WebX?50@813.igqdaKNhCRb.0@.eeb9cff
  http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048959.html
  http://www.securityfocus.com/archive/1/archive/1/444012/100/0/threaded
  http://www.frsirt.com/english/advisories/2006/3333
  http://secunia.com/advisories/21558
* Platforms Affected:
  Alt-N Technologies, Inc., WebAdmin versions prior to 3.2.5
  Microsoft Windows Any version |
Recommendation |
Upgrade to the latest version of WebAdmin (3.2.5 or later), available from the WebAdmin Web site at http://www.altn.com/products/default.asp?product%5Fid=WebAdmin |
Related URL | CVE-2006-4370, CVE-2006-4371 (CVE) |
Related URL | 19620, 19631 (SecurityFocus) |
Related URL | 28488, 28489 (ISS) |