| VID |
18094 |
| Severity |
30 |
| Port |
143 |
| Protocol |
TCP |
| Class |
IMAP |
| Detailed Description |
A version of Alt-N MDaemon IMAP Server which is older than version 8.1.0 is detected as running on the host. Alt-N MDaemon is an SMTP/IMAP server for Microsoft Windows operating systems. MDaemon versions prior to 8.1.0 are vulnerable to a directory traversal vulnerability, caused due to an input validation error in MDaemon's content filter. This could be exploited to overwrite files to arbitrary directories via e.g. a specially crafted email containing a virus-infected attachment with directory traversal sequences in its filename (e.g. "../../../../../file.exe").
* Note: This check solely relied on the banner of the remote IMAP server to assess this vulnerability, so this might be a false positive.
* References:
http://files.altn.com/MDaemon/Release/RelNotes_en.txt
http://secunia.com/advisories/16173/
* Platforms Affected:
Alt-N Technologies, Inc., MDaemon versions prior to 8.1.0
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MDaemon IMAP Server (8.1.0 or later), available from the Alt-N Technologies Web site at http://www.altn.com/ |
| Related URL |
(CVE) |
| Related URL |
14400 (SecurityFocus) |
| Related URL |
21533 (ISS) |
|
