Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MDaemon IMAP Service CREATE Command Mailbox Name Handling Overflow

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

It is possible to crash the remote MDaemon server by supplying an oversized argument to the CREATE imap command. An attacker may use this flaw to prevent other users from fetching their email. It will also crash other MDaemon services (SMTP, POP), thus preventing this server from receiving any email as well, or even to execute arbitrary code on this host with the privileges of the mdaemon IMAP daemon.

Solution

Upgrade to MDaemon 6.7.10 or later.