ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow

medium Nessus Network Monitor Plugin ID 3734

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands, namely 'USER' and 'APOP'. An attacker can exploit this vulnerability by submitting very large values to these commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command. Successful exploitation would lead to the attacker executing arbitrary code on the remote server.

Solution

Upgrade to version 9.06 or higher.

See Also

http://www.altn.com

Plugin Details

Severity: Medium

ID: 3734

Family: POP Server

Published: 8/22/2006

Updated: 3/6/2019

Nessus ID: 22256

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Reference Information

CVE: CVE-2006-4364

BID: 19651