MDaemon IMAP folder name denial of service
| mdaemon-imap-foldername-dos (24916) |  Medium Risk |
Description:
MDaemon is vulnerable to a denial of service. A remote attacker could create a specially-crafted email folder name containing format specifiers to cause the IMAP service to consume a large amount of CPU resources or possibly crash.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of MDaemon (8.15 or later), available from the MDaemon Web site. See References.
References:
- BID-16854: Alt-N MDaemon IMAP Server Remote Format String Vulnerability
- CVE-2006-0925: Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
- SA18921: MDaemon IMAP Mail Folder Name Denial of Service
- VUPEN/ADV-2006-0729: MDaemon IMAP Service Folder Name Denial of Service Vulnerability
Platforms Affected:
- Alt-N MDaemon 8.1.1
- Alt-N MDaemon 8.1.4
Reported:
Feb 24, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net