VID 18067
Severity 40
Port 143
Protocol TCP
Class IMAP
Detailed Description The MDaemon IMAP server, according to its version number, has a 'CREATE' Buffer Overflow Vulnerability.
MDaemon is a multi-protocol mail server, developed by Alt-N Technologies, for Microsoft Windows systems. MDaemon 6.7.9 and earlier versions are vulnerable to a buffer overflow in the IMAP server, caused by the application's failure to properly validate buffer sizes when processing the 'CREATE' command. By sending more than 1KB of data with the 'CREATE' command to the IMAP server, an authenticated remote attacker could overflow the buffer and cause the IMAP service to crash or execute arbitrary code with System privileges.

* Note: This check relies solely on the version number of the remote MDaemon IMAP server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/bugtraq/2003-04/0352.html
http://securitytracker.com/alerts/2003/Jun/1006941.html

* Platforms Affected:
Alt-N Technologies, Inc., MDaemon 6.7.9 and earlier
Microsoft Windows Any version
Recommendation Upgrade to the latest version of MDaemon (7.2.0 or later), available from the Alt-N Technologies Web site at http://www.altn.com/download/default.asp?product%5Fid=MDaemon
Related URL CVE-2003-1470 (CVE)
Related URL 7446 (SecurityFocus)
Related URL 11896 (ISS)