MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overflow

Medium Nessus Plugin ID 22256


The remote POP3 server is affected by multiple buffer overflow flaws.


According to its banner, the POP3 server bundled with the version of MDaemon on the remote host has two buffer overflows that can be triggered with long arguments to the 'USER' and 'APOP' commands. By exploiting these issues, a remote, unauthenticated user can reportedly crash the affected service or run arbitrary code with LOCAL SYSTEM privileges.


Upgrade to MDaemon version 9.0.6 or later.

Plugin Details

Severity: Medium

ID: 22256

File Name: mdaemon_906.nasl

Version: $Revision: 1.15 $

Type: remote

Agent: windows

Family: Windows

Published: 2006/08/23

Modified: 2017/06/06

Dependencies: 66633

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/08/22

Reference Information

CVE: CVE-2006-4364

BID: 19651

OSVDB: 28125