MDaemon Server DomainPOP Malformed Message DoS

low Nessus Plugin ID 25683

Synopsis

The remote mail server is prone to a denial of service attack.

Description

According to its banner, the version of MDaemon installed on the remote host contains a vulnerability in its 'DomainPOP' Mail Collection component that may cause it to crash while processing a specially crafted message. An unauthenticated, remote attacker may be able to leverage this issue to deny service to legitimate users of the application.

Solution

Upgrade to MDaemon 9.6.1 or later.

See Also

http://files.altn.com/MDaemon/Release/RelNotes_en.html

Plugin Details

Severity: Low

ID: 25683

File Name: mdaemon_961.nasl

Version: 1.21

Type: remote

Agent: windows

Family: Windows

Published: 7/10/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/6/2007

Reference Information

CVE: CVE-2007-3622

BID: 24787