MDaemon IMAP Server Mail Folder Name Format String

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote IMAP server is affected by a format string vulnerability.

Description :

The remote host is running Alt-N MDaemon, an SMTP/IMAP server for the
Windows operating system family.

The IMAP server component of MDaemon is affected by a format string
vulnerability involving folders with format string specifiers in their
names. An authenticated attacker can leverage this issue to cause
the remote host to consume excessive CPU resources.

Further, given the nature of format string vulnerabilities, this issue
is likely to lead to the execution of arbitrary code as LOCAL SYSTEM.

See also :

http://www.nsag.ru/vuln/888.html
http://files.altn.com/MDaemon/Release/RelNotes_en.html

Solution :

Upgrade to MDaemon 8.15 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 20987

Bugtraq ID: 16854

CVE ID: CVE-2006-0925
