alt-n mdaemon prior 7.2.1 local privilege escalation vulnerability.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>335</plugin_id>
<plugin_name>Alt-N MDaemon prior 7.2.1 local privilege escalation vulnerability</plugin_name>
<plugin_family>SMTP</plugin_family>
<plugin_created_date>2005/01/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc.ruef at computec.ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_version>1.1</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>25</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists 220*ESMTP MDaemon [0-6].* OR 220*ESMTP MDaemon 7.[0-1].* OR 220*ESMTP MDaemon 7.2.[0-1]*</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>The NASL script is Copyright (C) 2004 Tenable Network Security</plugin_comment>
<bug_produced_name>Alt-N</bug_produced_name>
<bug_affected>Alt-N MDaemon prior 7.2.1</bug_affected>
<bug_not_affected>Alt-N MDaemon newer than 7.2.1</bug_not_affected>
<bug_vulnerability_class>Unknown</bug_vulnerability_class>
<bug_description>The remote host is running Alt-N MDaemon, a SMTP/IMAP server for the Windows operating system family. It is reported that versions up to and including 7.2.0 are prone to local privilege escalation vulnerability. An local attacker may increase his privilege and execute code with SYSTEM  privileges.</bug_description>
<bug_solution>Upgrade to MDaemon 7.2.1 or newer.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Maybe</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/11736/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>4</bug_popularity>
<bug_simplicity>5</bug_simplicity>
<bug_impact>8</bug_impact>
<bug_risk>5</bug_risk>
<bug_nessus_risk>Medium</bug_nessus_risk>
<bug_check_tool>Nessus can check this flaw with the plugin 15823 (Alt-N MDaemon Local Privilege Escalation Vulnerability).</bug_check_tool>
<source_securityfocus_bid>11736</source_securityfocus_bid>
<source_nessus_id>15823</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>