The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mdaemon | Alt-n | 6.8.0 (including) | 6.8.0 (including) |
| Mdaemon | Alt-n | 6.8.1 (including) | 6.8.1 (including) |
| Mdaemon | Alt-n | 6.8.2 (including) | 6.8.2 (including) |
| Mdaemon | Alt-n | 6.8.3 (including) | 6.8.3 (including) |
| Mdaemon | Alt-n | 6.8.4 (including) | 6.8.4 (including) |
| Mdaemon | Alt-n | 6.8.5 (including) | 6.8.5 (including) |
| Mdaemon | Alt-n | 7.2 (including) | 7.2 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html
- http://secunia.com/advisories/13225
- http://securitytracker.com/id?1012350
- http://www.osvdb.org/12158
- http://www.securityfocus.com/bid/11736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18287
- http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html
- http://secunia.com/advisories/13225
- http://securitytracker.com/id?1012350
- http://www.osvdb.org/12158
- http://www.securityfocus.com/bid/11736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18287