| VID |
18101 |
| Severity |
30 |
| Port |
143 |
| Protocol |
TCP |
| Class |
IMAP |
| Detailed Description |
A version of Alt-N MDaemon IMAP Server which is older than version 8.1.5 is detected as running on the host. Alt-N MDaemon is an SMTP/IMAP server for Microsoft Windows operating systems. MDaemon versions prior to 8.1.5 could allow a remote attacker to cause a denial of service, caused due to an input validation error in the IMAP service that does not properly handle email folder names containing format string specifiers. A remote, authenticated attacker could exploit this vulnerability to cause the application to crash or consume a large amount of system resources.
* Note: This check solely relied on the banner of the remote IMAP server to assess this vulnerability, so this might be a false positive.
* References:
http://files.altn.com/MDaemon/Release/RelNotes_en.txt
http://www.nsag.ru/vuln/888.html
http://www.frsirt.com/english/advisories/2006/0729
http://secunia.com/advisories/18921
* Platforms Affected:
Alt-N Technologies, Inc., MDaemon versions prior to 8.1.5
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MDaemon IMAP Server (8.1.5 or later), available from the MDaemon Web site at http://www.altn.com/Products/Default.asp?product_id=MDaemon |
| Related URL |
CVE-2006-0925 (CVE) |
| Related URL |
16854 (SecurityFocus) |
| Related URL |
24916 (ISS) |
|
