At Axigen, ensuring the security and integrity of our mail server product is paramount. Recently, a local privilege escalation vulnerability (CVE-2024-28589) was addressed, reflecting our commitment to security. This event has prompted a broader discussion on our security philosophy, particularly regarding local vulnerabilities.
Local Privilege Escalation: A Low-Impact Concern
Within Axigen's security model, local privilege escalation vulnerabilities are assigned low impact and low priority. The reason is the trust placed in the administrative realm: the server host and the environment managed by its system administrators are presumed secure, and keeping that environment secure is the administrators' responsibility. In other words, anyone who already holds a shell on the server is treated as being inside the trust boundary, so a bug that lets such a user gain further privileges does not cross a boundary the model defends. That assumption only holds while local access is genuinely restricted to trusted operators, which is why keeping the host itself hardened and patched remains essential.
This perspective is informed by our threat model, which differentiates between untrusted and trusted networks, services, and users. It recognizes the varying levels of threat posed by vulnerabilities, depending on their accessibility and the prerequisites for exploitation.
The Axigen Threat Model Explained
Our threat model divides Axigen's services into two groups, according to the network they are exposed to:
- Services that face untrusted networks: WebMail, IMAP, POP3, SMTP, and the other WebMail/HTTP services such as ActiveSync, CardDAV, CalDAV and the autodiscovery services
- Services that face trusted networks: WebAdmin, CLI, FTP, SNMP
This distinction drives the severity we assign to a vulnerability. Two questions matter: which network the affected service is exposed to, and whether exploitation requires authentication. An issue in a service that faces the untrusted network and is reachable before authentication is deemed critical. At the other end of the scale, a vulnerability that requires an authenticated user on a trusted network is considered of low significance.
Context is therefore central to how we assess risk: not every vulnerability warrants the same level of response, and the kind of access an attacker needs in order to reach the flaw is the main factor in setting its priority.
| Network | Services | User | Vulnerability Impact | Notes |
|---|---|---|---|---|
| The untrusted network (the Internet) | WebMail, IMAP, POP3, SMTP, other WebMail / HTTP services (ActiveSync, CardDAV, CalDAV) | An untrusted user (someone accessing a service before they have authenticated) | Critical | These services are always exposed to the untrusted network and the vulnerability is reachable before any authentication, so it is critical. All other work at Axigen stops; a patch is developed and published as soon as possible. |
| The untrusted network (the Internet) | WebMail, IMAP, POP3, SMTP, other WebMail / HTTP services (ActiveSync, CardDAV, CalDAV) | An authenticated user | High / Critical | In a company environment where users are trusted, a vulnerability in this area is not necessarily critical. |
| The trusted network (localhost or the company private network, 10.10.x.x, etc.) | WebAdmin, CLI, FTP | An untrusted user (someone accessing a service before they have authenticated) | Moderate | |
| The trusted network (localhost or the company private network, 10.10.x.x, etc.) | WebAdmin, CLI, FTP | A trusted user (Axigen admin) | Very low | We consider these vulnerabilities very low priority. For example, an admin types a wrong CLI command and the server crashes: we want to fix the cause of the crash, but we do not treat it as a security vulnerability, since it requires an authenticated user on a trusted network. |
| The operating system (a shell on the server) | Axigen process, storage | superuser, axigen user | Not applicable | |
Secure Coding Practices
In line with our commitment to security, we pay particular attention when writing code for components interfacing with untrusted inputs. This includes treating all emails, DNS entries, and web inputs as potentially malicious and ensuring that our services are resilient against attempts at unauthorized data exfiltration.
Conclusion
At Axigen, our approach to security goes beyond just patching issues as they arise. It's about creating a system that's secure by design and reliable for all our users. With our latest security review and updates outlined in our early 2024 security update, we're taking proactive steps to ensure our defenses are as strong as possible. We urge our community to keep their systems up to date as part of this shared effort to stay ahead of threats. Good security is about planning for the future, not just reacting to the present.