| VID |
18068 |
| Severity |
40 |
| Port |
143 |
| Protocol |
TCP |
| Class |
IMAP |
| Detailed Description |
The MDaemon IMAP server, according to the version number, has 'SELECT' and 'EXAMINE' Buffer Overflow Vulnerabilities.
MDaemon is a multi-protocol mail server, developed by Alt-N Technologies, for Microsoft Windows systems. MDaemon versions 6.7.9 and earlier are vulnerable to a buffer overflow vulnerability in the IMAP Server, caused by a failure of the application to properly check buffer sizes on some IMAP server commands. By sending a specially crafted 'EXAMINE' or 'SELECT' IMAP command appended with 250 or more characters, an authenticated attacker could overflow a buffer and cause the server to crash. MDaemon must be restarted to regain normal functionality.
* Note: This check solely relied on the version number of the remote MDaemon IMAP server to assess this vulnerability, so this might be a false positive.
* References:
http://securitytracker.com/alerts/2003/Jul/1007181.html
* Platforms Affected:
Alt-N Technologies, Inc., MDaemon 6.7.9 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version(7.2.0 or later) or the version(6.8.0 or later) fixed the issue of Mdaemon, available from the Alt-N Technologies Web site at http://www.altn.com/download/default.asp?product%5Fid=MDaemon |
| Related URL |
CVE-2001-0584 (CVE) |
| Related URL |
2508 (SecurityFocus) |
| Related URL |
6279 (ISS) |
|
