[NT] Multiple Vulnerabilities in Alt-N WebAdmin
From: SecuriTeam (support_at_securiteam.com)
To: firstname.lastname@example.org Date: 31 Jan 2005 08:53:49 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Multiple Vulnerabilities in Alt-N WebAdmin
is "a web application to administer MDaemon and RelayFax. It can be run on
its own or as an ISAPI application under Microsoft Internet Information
Services (IIS). MDaemon is an e-mail server for Microsoft Windows.
RelayFax is a fax server also for Microsoft Windows".
Several vulnerabilities in WebAdmin allows an attacker to perform Cross
Site Scripting attack as well as access and change other users' data.
* Alt-N WebAdmin version 3.0.2 and lower
* Alt-N WebAdmin version 3.0.4
Cross Site Scripting (XSS):
A Cross Site Scripting exists on the useredit_account.wdm file. Example:
Users can edit all the user accounts:
There is no validation on the useredit_account.wdm script to disable
access to other user accounts.
The file modalfram.wdm allows to load any web page to make it look as if
comes from the WebAdmin server.
An attacker will need to be able to logon to WebAdmin to take advantage of
the second vulnerability, but he/she will only be able to view or modify
the settings that he can modify on their own account (for example, if an
user cannot modify their own "Name", he/she won't be able to modify the
name in any other account, but if it is possible to modify their own
"Name", the attacker will be able to modify the name in any other
* Vendor notified on December 14, 2004.
* Vendor replied on December 14, 2004.
* Patch released on December 14, 2004.
The information has been provided by <mailto:email@example.com> David
Alonso P rez.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: firstname.lastname@example.org
In order to subscribe to the mailing list, simply forward this email to: email@example.com
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.