Tag: Security, Security / Home

Security

NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Home » Security

  • MDaemon POP3 server remote buffer overflow (preauth)

    0 answers - 2339 bytes - related search similar search Add To My Delicious Add To My Stumble Upon Add To My Google Mark Add To My Facebook Add To My Digg Add To My Reddit

    INFIG IS Security Advisory #ADV-2006-08-04
    http://www.infigo.hr/
    Title: MDaemon PP3 server remote buffer overflow (preauth)
    Advisory ID: INFIG
    Date: 2006-08-21
    Advisory URL:
    Impact: Remote code execution (preauth)
    Risk Level: High
    Vulnerability Type: Remote
    Vendors Status: Vendor contacted on 4th May 2006
    ==[
    MDaemon Server is a standards-based SMTP/PP/IMAP mail server that offers a
    full range of mail server functionality. MDaemon is designed to manage the
    email needs of any number of individual users and comes complete with a
    powerful set of integrated tools for managing mail accounts and message
    formats. MDaemon offers a scalable SMTP, PP3, and IMAP4 mail server
    complete with LDAP support, an integrated browser-based email client,
    content filtering, spam filters, extensive security features, and more.
    MDaemon can be found on http://www.altn.com/.
    ==[ Vulnerability
    During an audit, a critical vulnerability has been discovered in the
    MDaemon PP3 server. There is a buffer overflow vulnerability in 'USER'
    and 'APP' command processing part of the Altn MDaemon PP3 server.
    The vulnerability can be triggered with providing a long string to USER or
    APP commands with '@' characters included in the string. In this case,
    MDaemon will incorectly process the string and a heap overflow will happen
    as a result. To trigger the vulnerability, a few USER commands have to be
    sent to the PP3 Server. Sometimes (depending on the heap state and
    string length), it is even possible to redirect code execution directly to
    the supplied input buffer on the heap.
    ==[ Affected Version
    The vulnerability has been identified in the latest MDaemon 8/9. All
    previous versions are believed to be vulnerable as well.
    ==[ Fix
    Vulnerability is fixed in MDaemon 9.06
    ==[ PoC Exploit
    MDaemon PP3 server remote buffer overflow (preauth) PoC can be
    downloaded from .
    ==[ Credits
    Vulnerability discovered by Sasa Jusic <sasa.jusic (AT) infigo (DOT) hrand
    Leon Juranic <leon.juranic (AT) infigo (DOT) hr>
    ==[ INFIG IS Security Contact
    INFIG IS,
    WWW : http://www.infigo.hr
    E-mail : infocus (AT) infigo (DOT) hr

Re: MDaemon POP3 server remote buffer overflow (preauth)


max 4000 letters.
Your nickname that display:
In order to stop the spam: 6 + 5 =
QUESTION ON "Security"

EMSDN.COM