MDaemon FORM2RAW.exe script From field buffer overflow
| mdaemon-form2raw-from-bo (14097) |  High Risk |
Description:
MDaemon is vulnerable to a stack-based buffer overflow. By default, the FORM2RAW.exe CGI script listens on TCP port 3000. A remote attacker could create a specially-crafted message to FROM2Raw.exe containing more than 153 bytes in the "From" field to overflow a buffer and possibly execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
No remedy available as of February 6, 2010.
References:
- Alt-N Technologies Web site: Mdaemon.
- BugTraq Mailing List, Mon Dec 29 2003 - 13:57:21 CST: Remote buffer overflow in Mdaemon Raw message Handler.
- SecuriTeam Mailing List, Secuirty Holes & Exploits 16 Mar 2004: Remote Buffer Overflow in MDaemon (Exploit).
- BID-9317: Alt-N MDaemon/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability
- CVE-2003-1200: Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
- OSVDB ID: 3255: MDaemon Form2Raw CGI From Parameter Overflow
- SA10512: MDaemon Raw Message Handler Buffer Overflow Vulnerability
Platforms Affected:
- Alt-N MDaemon 6.52 - 6.85
- Microsoft Windows 2003 Server
Reported:
Dec 29, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net