CVE-2006-5968
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/11/2006
Last modified:
09/04/2025
Description
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:alt-n:mdaemon:9.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alt-n:mdaemon:9.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alt-n:mdaemon:9.51:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alt-n:mdaemon:9.53:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/21554
- http://secunia.com/secunia_research/2006-67/advisory/
- http://securityreason.com/securityalert/1890
- http://securitytracker.com/id?1017238=
- http://www.securityfocus.com/archive/1/451821/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30331
- http://secunia.com/advisories/21554
- http://secunia.com/secunia_research/2006-67/advisory/
- http://securityreason.com/securityalert/1890
- http://securitytracker.com/id?1017238=
- http://www.securityfocus.com/archive/1/451821/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30331