Some of the commands for the IMAP server do not Severity:Denial of service from Status:Unknown. Platform:Windows 2k,95/98/NT - others unknown Vendor URL: / (Links to External Site)Ĭause: Boundary error, Input validation errorĪdvisory Name:MDaemon IMAP Denial Of ServiceĪpplication:Alt-N Technologies MDaemon 3.5.6. No solution was available at the time of this entry. Where A is more than 250 characters in length, once this is sent, MDaemon will send back the following error before closing the connection and terminating:Ī restart of the application is needed to resume the service, no other applications are affected and the operating system performs as usual.Ī remote user with a valid user account can cause the MDaemon service to shutdown, requirig a restart of the application to resume normal service.
* OK company.mail IMAP4rev1 MDaemon 3.5.6 ready The author of the source message provides demonstration exploit steps:Ĭonnect to the service (which runs by default on port 143) and login with the username and pass. The EXAMINE commands performs in the same manner as the SELECT command, except that the mailbox is marked as read-only and cannot be modified. The SELECT command selects a mailbox for access. The vulnerable commands are SELECT and EXAMINE.
Some of the commands for the IMAP server do not have proper bounds checking, enabling a remote user with a valid user account to shutdown the service. Home | View Topics | Search | Contact Us |Īlt-N's MDaemon IMAP Mail Server Can Be Crashed Remotely By Authorized UsersĬVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)ĭenial of service conditions are reportedly possible with Alt-N's MDaemon mail server. Alt-N's MDaemon IMAP Mail Server Can Be Crashed Remotely By Authorized Users - SecurityTracker
0 kommentar(er)
