ALT-N MDaemon < 6.5.0 POP Server Overflow DoS

Medium Nessus Network Monitor Plugin ID 1797

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking one some POP server commands. An attacker can exploit this vulnerability by submitting a very large integer value to some commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command.

Solution

Upgrade to MDaemon 6.5.0 or higher.

Plugin Details

Severity: Medium

ID: 1797

Family: POP Server

Published: 2004/08/20

Updated: 2019/03/06

Dependencies: 3035

Nessus ID: 11570

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Reference Information

CVE: CVE-2002-1539

BID: 6053