MDaemon IMAP Server FETCH Command Remote Buffer Overflow
High Nessus Plugin ID 31640
Synopsis
The remote mail server is affected by a buffer overflow vulnerability.
Description
According to its banner, the version of MDaemon installed on the remote host contains a stack-based buffer overflow in its IMAP server component that can be triggered via a FETCH command with a long BODY data item. An authenticated, remote attacker may be able to leverage this issue to crash the affected service or execute arbitrary code subject to the privileges under which the service operates.
Note that MDaemon by default runs as a service with SYSTEM privileges under Windows, so successful exploitation could result in a complete compromise of the affected system.
Solution
Upgrade to MDaemon 9.6.5 or later.