[Full-disclosure] ALT-N MDaemon multiple vulnerabilities

Hello this is kcope, there are two remote vulnerabilities in the latest ALT-N MDaemon imapd product i don't know if any of them is exploitable .. the stack based buffer overflow seems promising, but it's not preauth so i didn't investigate it further. 1. Remote denial of service in AUTHENTICATE...

altn-mdaemon.txt

Hello this is kcope, there are two remote vulnerabilities in the latest ALT-N MDaemon imapd product i don't know if any of them is exploitable .. the stack based buffer overflow seems promising, but it's not preauth so i didn't investigate it further. 1. Remote denial of service in AUTHENTICATE...

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/14315/info Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability. This issue presents itself when an attacker submits excessive data through the CREATE command subsequent to authentication This vulnerability may be leveraged to...

Multiple MDaemon mail server vulnerabilities

DoS on incomlete CRAM-MD4 handshake, buffer overflow on IMAP CREATE command...

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/14315/info Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability. This issue presents itself when an attacker submits excessive data through the CREATE command...

CVE-2002-1740

Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name NewFolder parameter...

CVE-2002-1739

Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords...

CVE-2002-1740

The CVE-2002-1740 entry describes a buffer overflow in WorldClient.cgi (WorldClient) of Alt-N Technologies MDaemon

CVE-2002-1739

Alt-N Technologies Mdaemon versions 5.0–5.0.6 store user passwords with a weak encryption algorithm, enabling local users to crack them. Local access is required; confidentiality impact is indicated. Remediation: upgrade to a version that uses stronger password encryption. The connected PT-securi...

CVE-2002-1738

Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email...

CVE-2002-1738

CVE-2002-1738 affects Alt-N Technologies MDaemon 5.0.5.0 and earlier. The issue is that a default MDaemon mail account is created with the password “MServer,” which could allow remote attackers to send anonymous email. The available sources describe the affected product and the default credential...

CVE-2002-1741

CVE-2002-1741 describes a directory traversal vulnerability in WorldClient.cgi within WorldClient for Alt-N Technologies MDaemon

CVE-2003-1200

CVE-2003-1200 is a stack-based buffer overflow in Alt-N MDaemon’s WorldClient form2raw.cgi (FORM2RAW.exe). A long From parameter to Form2Raw.cgi can cause remote code execution. Affected products include MDaemon versions 6.5.2–6.8.5 with WorldClient HTTP server enabled; upgrade to 6.8.6 or remove...

CVE-2003-1200

Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi...

CVE-2004-1546

CVE-2004-1546 affects MDaemon 6.5.1. The issue is a stack buffer overflow in the MDaemon SMTP and IMAP command processing (overly long arguments to SAML/SOML/SEND/MAIL or LIST), leading to denial of service (crash) and, per advisories, potential remote code execution with system privileges. Explo...

CVE-2004-1546

Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service application crash via a long 1 SAML, SOML, SEND, or MAIL command to the SMTP server or 2 LIST command to the IMAP server...

Alt-N WebAdmin MDaemon/RelayFax administration tool multiple bugs

Crossit scripting, user accounts editing, code execution...

CVE-2004-2292

Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service application crash via a long STATUS command to the IMAP server...

CVE-2004-2504

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges...

Immunity Canvas: MDAEMON

Name| mdaemon ---|--- CVE| CVE-2004-2292 Exploit Pack| CANVAS Description| mdaemon imap Notes| CVSS: 5.0 Date public: 05/17/2004 VENDOR: Alt-N CVE Url: https://vulners.com/cve/CVE-2004-2292 CVE Name: CVE-2004-2292...