| VID |
18093 |
| Severity |
40 |
| Port |
143 |
| Protocol |
TCP |
| Class |
IMAP |
| Detailed Description |
A version of Alt-N MDaemon IMAP Server which is older than version 8.0.4 is detected as running on the host. Alt-N MDaemon is an SMTP/IMAP server for Microsoft Windows operating systems. MDaemon version 8.0.3 and earlier versions are vulnerable to multiple buffer overflow vulnerabilities, caused by a vulnerability in the AUTHENTICATE LOGIN and the AUTHENTICATE CRAM-MD5 commands. A remote attacker could use these vulnerabilities to cause the affected server to crash or to execute arbitrary code on the server.
* Note: This check solely relied on the banner of the remote IMAP server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/16097/
http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035295.html
* Platforms Affected:
Alt-N Technologies, Inc., MDaemon version 8.0.3 and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Mdaemon IMAP Server (8.0.4 or later), available from the Alt-N Technologies Web site at http://www.altn.com/ |
| Related URL |
(CVE) |
| Related URL |
14315,14317 (SecurityFocus) |
| Related URL |
21423 (ISS) |
|
