ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow
Medium Nessus Network Monitor Plugin ID 3734
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionA buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking one some POP server commands. Namely, 'USER' and 'APOP'. An attacker can exploit this vulnerability by submitting a very large values to these commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command. Successful exploitation would lead to the attacker executing arbitrary code on the remote server.
SolutionUpgrade to version 9.06 or higher.