MDaemon IMAP Server CREATE Command Mailbox Name Handling Overflow

high Nessus Plugin ID 11577

Synopsis

The remote IMAP server has a buffer overflow vulnerability.

Description

According to its banner, the version of MDaemon running on the remote host has a buffer overflow vulnerability in the IMAP CREATE command. A remote attacker could exploit this to execute arbitrary code or cause a denial of service. A crash would also prevent other MDaemon services (SMTP, POP) from running.

Solution

Upgrade to MDaemon 6.7.10 or later.

See Also

https://seclists.org/bugtraq/2003/Apr/353

Plugin Details

Severity: High

ID: 11577

File Name: mdaemon_create_overflow.nasl

Version: 1.21

Type: remote

Agent: windows

Family: Windows

Published: 5/6/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Required KB Items: mdaemon/installed

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2003-1470

BID: 7446

CWE: 119