MDaemon IMAP Server CREATE Command Mailbox Name Handling Overflow

High Nessus Plugin ID 11577


The remote IMAP server has a buffer overflow vulnerability.


According to its banner, the version of MDaemon running on the remote host has a buffer overflow vulnerability in the CREATE command. A remote attacker could exploit this to execute arbitrary code, or cause a denial of service. A crash would prevent other MDaemon services (SMTP, POP) from running as well.


Upgrade to MDaemon 6.7.10 or later.

See Also

Plugin Details

Severity: High

ID: 11577

File Name: mdaemon_create_overflow.nasl

Version: $Revision: 1.18 $

Type: remote

Agent: windows

Family: Windows

Published: 2003/05/06

Modified: 2016/10/27

Dependencies: 66633

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2003-1470

BID: 7446

OSVDB: 55186

CWE: 119