MDaemon IMAP AUTHENTICATE command buffer overflow

2006-03-01T00:00:00
ID SAINT:507CAEA6FD5C8B86E4EE3489BB235B73
Type saint
Reporter SAINT Corporation
Modified 2006-03-01T00:00:00

Description

Added: 03/01/2006
BID: 14317
OSVDB: 18069

Background

MDaemon is an e-mail server for Windows.

Problem

The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the **AUTHENTICATE LOGIN** and **AUTHENTICATE CRAM-MD5** commands, which can be exploited without logging in to the server.

Resolution

Upgrade to MDaemon 8.0.4 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0442.html>

Limitations

Exploit works on MDaemon 8.0.3.

Platforms

Windows