MDaemon IMAP CREATE command buffer overflow
| mdaemon-imap-create-bo (11896) |  High Risk |
Description:
MDaemon is vulnerable to a buffer overflow in the IMAP service, caused by insufficient bounds checking of the CREATE command. By creating a mailbox name greater than 1 KB, a remote attacker with a valid account could overflow a buffer and cause all of MDaemon's mail services to crash or execute arbitrary code on the server with SYSTEM level privileges.
Platforms Affected:
- Alt-N, MDaemon 6.7.9 and prior
- Alt-N, MDaemon 8.0.3
- Microsoft, Windows 2003 Server
Remedy:
Upgrade to the latest version (7.2.0 or later), available from the Alt-N Technologies Web site. See References.
Consequences:
Gain Access
References:
- Alt-N Technologies Web site, Mdaemon at http://www.altn.com/Default.asp.
- BugTraq Mailing List, Sat Apr 26 2003 - 22:27:01 CDT, MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow at http://archives.neohapsis.com/archives/bugtraq/2003-04/0352.html.
- BID-14315: Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
- BID-14317: Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow Vulnerability
- BID-7446: Alt-N MDaemon IMAP Server Folder Creation Buffer Overflow Vulnerability
- CVE-2003-1470: Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
Reported:
Apr 26, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net