MDaemon IMAP CREATE Command Remote Overflow

2005-07-18T07:41:56
ID OSVDB:18070
Type osvdb
Reporter kcope(kingcope@gmx.net)
Modified 2005-07-18T07:41:56

Description

Vulnerability Description

A remote overflow exists in MDaemon IMAP server. MDaemon fails to validate the boundary of the CREATE command. With a specially crafted request, an authorized attacker can cause a buffer overflow, resulting in a loss of integrity.

Solution Description

Upgrade to version 8.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in MDaemon IMAP server. MDaemon fails to validate the boundary of the CREATE command. With a specially crafted request, an authorized attacker can cause a buffer overflow, resulting in a loss of integrity.

References:

Vendor URL: http://www.altn.com/Products/Default.asp?product_id=MDaemon Security Tracker: 1014520 Secunia Advisory ID:16097 Related OSVDB ID: 18069 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0442.html ISS X-Force ID: 11896 Bugtraq ID: 7446