Full Disclosure mailing list archives

Re: Privilege escalation flaw in MDaemon 7.2.


From: kf_lists <kf_lists () secnetops com>
Date: Tue, 30 Nov 2004 01:33:05 -0500

When I tested things it was on MDaemon 6.8

Excuse me... they did respond and it was LESS than a year ago. =]. Here is how it went:
------------------------------------------------------
02/03/2004 11:10 AM

Hello!

I have sent this on to the developers.

However, the issue you describe would require a user to have a valid
login and physical access to the machine.  With both of those, they can
log in to the server and access the MDaemon GUI, which can also be
further secured with a password.  I'm not dismissing your submission,
just providing feedback.

If you have any questions, please let us know.  Thanks!

--
Billy Pinson
Customer Service Lead
Alt-N Technologies, Ltd.
Helping The World Communicate!
http://www.altn.com
--------------------------------------------------------------
MDaemon 7.0 is coming! Faster multi-thread/multi-CPU server engine, market leading spam control, improved mobile and PDA support, enhanced security, and killer OWA style web mail.
--------------------------------------------------------------

-------------------------------------------------
02/04/2004 06:33 PM

Thanks much... any time estimate on the fix? It sounds as if it may have a low priority since it's being added to a list.

-KF

Alt-N Sales - Billy Pinson wrote:

One thing the developers have suggested in the meantime is to change
the service so that it cannot interact with the desktop; this would
prevent the GUI from showing up.

If you need GUI access simply run the MDaemon ghost option.  This will
launch the GUI under the user's account, rather than the system account.

They have placed this on their list of things to be fixed.

-------------------------------------------------
03/18/2004 10:11 PM
Alt-N Sales - Lina Daaboul wrote:

Hello,

We do not have an estimated time at this time. If you have any questions, please let us know. Thanks!

-KF



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
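
As an added example (not part of the original message and not Alt-N's code), one way to audit a Windows host for the condition the developers' workaround addresses: services that are allowed to interact with the desktop. It reads the standard `Type`, `ObjectName` and `ImagePath` values under the Services registry key; the function names are hypothetical.

```powershell
# Added example: list user-mode services whose Type value carries the
# SERVICE_INTERACTIVE_PROCESS flag ("Allow service to interact with desktop").
$SERVICE_WIN32               = 0x30    # WIN32_OWN_PROCESS (0x10) | WIN32_SHARE_PROCESS (0x20)
$SERVICE_INTERACTIVE_PROCESS = 0x100

function Test-InteractiveService {
    param([int]$Type)
    # True only for Win32 services (not drivers) with the interactive bit set.
    return (($Type -band $SERVICE_WIN32) -ne 0) -and
           (($Type -band $SERVICE_INTERACTIVE_PROCESS) -ne 0)
}

function Get-InteractiveService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $type = $key.GetValue('Type')
        if ($null -eq $type -or -not (Test-InteractiveService -Type $type)) { continue }

        $account = $key.GetValue('ObjectName')
        # Assumption: a missing ObjectName is reported here as the default account.
        if (-not $account) { $account = 'LocalSystem' }

        [pscustomobject]@{
            Name      = $key.PSChildName
            Type      = '0x{0:X}' -f $type
            Account   = $account
            ImagePath = $key.GetValue('ImagePath')
        }
    }
}

# Constructed sanity checks: 0x110 = own process + interactive, 0x10 = own process only.
if (-not (Test-InteractiveService -Type 0x110)) { throw 'expected 0x110 to be flagged' }
if (Test-InteractiveService -Type 0x10)         { throw 'expected 0x10 not to be flagged' }

# Each row is a service whose GUI, if it has one, is created under the service account.
Get-InteractiveService | Sort-Object Name | Format-Table -AutoSize
```

Any service listed can have the flag cleared by unchecking "Allow service to interact with desktop" on the Log On tab of its properties in the Services console, which is the change the developers suggest above.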

