Detections
Analytics

MDaemon IMAP Server FETCH Command Remote Buffer Overflow

high Nessus Plugin ID 31640

Language:

Synopsis

The remote mail server is affected by a buffer overflow vulnerability.

Description

According to its banner, the version of MDaemon installed on the remote host contains a stack-based buffer overflow in its IMAP server component that can be triggered via a FETCH command with a long BODY data item. An authenticated, remote attacker may be able to leverage this issue to crash the affected service or execute arbitrary code subject to the privileges under which the service operates.

Note that MDaemon by default runs as a service with SYSTEM privileges under Windows so successful exploitation could result in a complete compromise of the affected system.

Solution

Upgrade to MDaemon 9.6.5 or later.

See Also

http://files.altn.com/MDaemon/Release/RelNotes_en.html

Plugin Details

Severity: High

ID: 31640

File Name: mdaemon_965.nasl

Version: 1.22

Type: remote

Agent: windows

Family: Windows

Published: 3/21/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Metasploit (MDaemon 9.6.4 IMAPD FETCH Buffer Overflow)

Reference Information

CVE: CVE-2008-1358

BID: 28245

CWE: 119

SECUNIA: 29382