Release date:
Updated on: 2013-02-23
Affected Systems:
Alt-N MDaemon <= 13.0.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58084
Alt-N MDaemon is a Windows-based email service program, and WorldClient is its client.
The user account import function of the Alt-N WebAdmin application has a remote code execution vulnerability. Attackers can use a user account they control, or any non-administrator account, to create accounts in the system or modify existing accounts. The autoresponder "program processing" function may then be enabled, resulting in arbitrary command execution.
<* Source: QSecure
Demetris Papapetrou
Link: http://seclists.org/bugtraq/2013/Feb/94
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
Vulnerable URL:
http://www.example.com:3000/WorldClient.dll?Session=[SESSION_ID]&View=WebAdmin
Encoded Auth String:
GaDAQBQOP3cymUmJxiNVaz80JTAklc/c+q7fAhmklkQSdp0XMo2X/4aVhqMtLz4OLuCf6v2T0Gc9KKHkvn
Ok0B9ARyso9/k
Decoded Auth String:
User=test%40ac1dc0de.com&Password=111111Ab&TimeStamp=1344532850&Lang=en
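Detection example (added here, not part of the original advisory or of any Alt-N tooling): a log review that lists WorldClient sessions requesting the WebAdmin view shown in the vulnerable URL above, so they can be compared against the accounts expected to administer the server. The combined-style access log layout, the sample lines and the function name `webadmin_pivots` are assumptions made for illustration; MDaemon's own log format is not given on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in an assumed combined-log layout (not MDaemon's own log format).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Aug/2012:17:20:50 +0000] "GET /WorldClient.dll?Session=AAAA1111&View=WebAdmin HTTP/1.1" 200 512
203.0.113.7 - - [09/Aug/2012:17:21:02 +0000] "GET /worldclient.dll?view=%57ebAdmin&session=AAAA1111 HTTP/1.1" 200 498
198.51.100.4 - - [09/Aug/2012:17:22:10 +0000] "GET /WorldClient.dll?Session=BBBB2222&View=List HTTP/1.1" 200 9034
198.51.100.9 - - [09/Aug/2012:17:23:41 +0000] "GET /index.html?View=WebAdmin HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def webadmin_pivots(log_text):
    """Return {(client_ip, session_id): [timestamps]} for WebAdmin view requests."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/worldclient.dll"):
            continue
        # parse_qs percent-decodes values; names are lower-cased so that
        # "View"/"view" and "Session"/"session" are treated alike.
        params = {k.lower(): v[-1]
                  for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        if params.get("view", "").lower() != "webadmin":
            continue
        key = (m.group("ip"), params.get("session", "<none>"))
        hits.setdefault(key, []).append(m.group("ts"))
    return hits


if __name__ == "__main__":
    for (ip, session), seen in webadmin_pivots(SAMPLE_LOG).items():
        print(f"{ip} session={session} WebAdmin requests={len(seen)} first={seen[0]}")
```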
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Alt-N
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.altn.com