File attachment security issue in MDaemon - #VU334

 


Published: August 20, 2016


Vulnerability identifier: #VU334
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Alt-N
Affected software:
MDaemon

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unknown error related to file attachments. A remote unauthenticated attacker can bypass certain security restrictions.

The maximum impact of this vulnerability is unknown; however, the vendor has rated it as critical.


Remediation

Install the latest version from the vendor's website. This vulnerability was fixed in the following versions:
11.0.x - 11.0.5
12.0.x - 12.0.6
12.5.x - 12.5.9
13.0.x - 13.0.8
13.5.x - 13.5.5
13.6.x - 13.6.5
14.0.x - 14.0.5
14.5.x - 14.5.5
15.0.x - 15.0.4
15.5.x - 15.5.4
16.0.x - 16.0.4
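
The fixed-version list above can be applied to an inventory of MDaemon installs with a short script. This is an added example, not code from the advisory or the vendor; it assumes each entry names the first fixed release of its branch and that later patch levels in the same branch also carry the fix. Hostnames and versions in the sample inventory are constructed, and branches the advisory does not list are reported as unknown rather than guessed.

```python
import re

# Fixed patch level per (major, minor) branch, copied from the Remediation list.
# Assumption: "X.Y.x - X.Y.Z" means Z is the first fixed patch level in branch X.Y.
FIXED = {
    (11, 0): 5, (12, 0): 6, (12, 5): 9, (13, 0): 8, (13, 5): 5, (13, 6): 5,
    (14, 0): 5, (14, 5): 5, (15, 0): 4, (15, 5): 4, (16, 0): 4,
}

def classify(version):
    """Return 'fixed', 'needs-update' or 'unknown' for one version string."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", version)
    if not m:
        return "unknown"  # patch level missing or not a dotted numeric version
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch not covered by this advisory's list
    # Compare as integers: "12.5.10" is newer than "12.5.9".
    return "fixed" if patch >= fixed_patch else "needs-update"

def triage(inventory):
    """Group (host, version) pairs by status; 'unknown' needs manual review."""
    report = {"fixed": [], "needs-update": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mail-a.example", "13.0.8"),
    ("mail-b.example", "13.0.7"),
    ("mail-c.example", "16.0.3"),
    ("mail-d.example", "12.5.10"),
    ("mail-e.example", "10.1.2"),
    ("mail-f.example", "15.5"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```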

Sources