MDaemon Vulnerabilities
Updated 3/27/01
Impact
A buffer overflow in MDaemon could allow a remote attacker to cause multiple network services to shut down.
Background
MDaemon is an e-mail server for Windows. It includes SMTP, POP, and IMAP services, a web-based e-mail client, and a web configuration service.
The Problem
There are three vulnerabilities in MDaemon that could lead to a denial of service. Sending a very long string to the IMAP service included in MDaemon could cause MDaemon to crash, denying service not only to IMAP but also to POP and SMTP.
The other two problems are denial-of-service vulnerabilities affecting the web configuration service and WorldClient. An attacker could exploit these vulnerabilities by sending a request for a very long URL or a request for a DOS device.
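The two web request types described above can be looked for in the web services' access logs. The following is an added example, not part of the original advisory or of MDaemon; the Common Log Format layout, the length threshold, and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: the advisory says only "very long"; this cutoff is a tunable placeholder.
MAX_URL_LEN = 1024
# Reserved Windows device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9).
DOS_DEVICE = re.compile(r"CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9]", re.IGNORECASE)
# Assumption: logs carry a Common Log Format request field such as "GET /path HTTP/1.0".
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: HTTP/[\d.]+)?"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [27/Mar/2001:10:00:05 +0000] "GET /' + "A" * 4000 + ' HTTP/1.0" 400 0',
    '192.0.2.44 - - [27/Mar/2001:10:00:09 +0000] "GET /aux HTTP/1.0" 500 0',
    '192.0.2.77 - - [27/Mar/2001:10:00:12 +0000] "GET /images/icon.gif HTTP/1.0" 200 900',
    '192.0.2.44 - - [27/Mar/2001:10:00:15 +0000] "GET /docs/%43ON.html HTTP/1.0" 500 0',
]


def classify(line):
    """Return the reasons a log line matches one of the two request types."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = m.group("url")
    reasons = ["long-url"] if len(url) > MAX_URL_LEN else []
    path = unquote(url.split("?", 1)[0])  # decode %xx so encoded names are caught
    for segment in re.split(r"[/\\]", path):
        # Windows ignores an extension or trailing colon/space on a device name.
        base = segment.split(".", 1)[0].rstrip(" :")
        if DOS_DEVICE.fullmatch(base):
            reasons.append("dos-device")
            break
    return reasons


def scan(lines):
    """Return (source address, reasons) for every flagged line."""
    return [(ln.split(" ", 1)[0], r) for ln in lines if (r := classify(ln))]


if __name__ == "__main__":
    for source, reasons in scan(SAMPLE_LOG):
        print(source, ",".join(reasons))
```

Hits from a single source shortly before the mail services stop responding are the pattern worth alerting on; the same length check can be applied to IMAP command logs if they are available.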
Resolution
Upgrade to MDaemon 3.5.6 or higher.
Where can I read more about this?
For more information, see Defcom Labs Advisories 2000-03 and 2001-11.