MDaemon IMAP Service CREATE Command Mailbox Name Handling Overflow
High Nessus Network Monitor Plugin ID 1094
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: It is possible to crash the remote MDaemon server by supplying an oversized argument to the IMAP CREATE command. An attacker may use this flaw to prevent other users from fetching their email. The crash also takes down the other MDaemon services (SMTP, POP), preventing the server from receiving any email. The flaw may even allow an attacker to execute arbitrary code on this host with the privileges of the MDaemon IMAP daemon.
Solution: Upgrade to MDaemon 6.7.10 or later.