| VID |
18066 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The MDaemon SMTP server, according to its version number, has multiple Buffer Overflow Vulnerabilities.
MDaemon is a multi-protocol mail server, developed by Alt-N Technologies, for Microsoft Windows systems. MDaemon version 6.5.1 and earlier versions are vulnerable to Buffer Overflow Vulnerabilities in the SMTP server, caused by a failure of the application to properly validate buffer sizes when processing command argument input. By supplying a specially crafted SAML, SOML, SEND, or MAIL command to the server, a remote attacker could overflow the buffer and cause the server to crash and potentially execute arbitrary code.
* Note: This check solely relied on the version number of the remote MDaemon SMTP server to assess this vulnerability, so this might be a false positive.
* References:
http://securitytracker.com/alerts/2004/Sep/1011386.html
* Platforms Affected:
Alt-N Technologies, Inc., MDaemon 6.5.1 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Mdaemon (7.2.0 or later), available from the Alt-N Technologies Web site at http://www.altn.com/download/default.asp?product%5Fid=MDaemon |
| Related URL |
CVE-2004-1546 (CVE) |
| Related URL |
11238 (SecurityFocus) |
| Related URL |
17477 (ISS) |
|
