MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006
BID: 14317
OSVDB: 18069

Background

MDaemon is an e-mail server for Windows.

Problem

The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server.

Resolution

Upgrade to MDaemon 8.0.4 or higher.

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0442.html

Limitations

Exploit works on MDaemon 8.0.3.

Platforms

Windows

Back to exploit index