MDaemon Vulnerabilities
New (3.1.3)
Impact
A buffer overflow in MDaemon could allow
a remote attacker to cause multiple network services to
shut down.
Background
MDaemon is an
e-mail server for Windows. It includes SMTP,
POP, and IMAP services,
a web-based e-mail client, and a web configuration
service.
The Problem
There are two vulnerabilities in MDaemon which could lead
to a denial of service. Sending a very long string to the
IMAP service which is included in MDaemon
could cause MDaemon to crash, thus denying service not
only to IMAP but also POP
and SMTP.
The second problem is a denial-of-service
vulnerability affecting the web
configuration service. An attacker could exploit the vulnerability
by sending a request for a very long URL.
Resolution
Upgrade
to MDaemon 3.5.1.0 or higher.
Where can I read more about this?
For more information, see
Defcom Labs
Advisory 2000-03.