Alt-N MDaemon Multiple Buffer Overflows (IMAP)

critical Nessus Network Monitor Plugin ID 2310

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Alt-N MDaemon, a SMTP/IMAP server for Windows operating systems. It is reported that versions up to and including 6.5.1 are prone to multiple buffer overflows. An attacker may deny service to legitimate users or execute arbitrary code on the remote server. The attacker needs to authenticate in order to exploit these vulnerabilities against the IMAP server but it doesn't need to do so against the SMTP server.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Critical

ID: 2310

Family: IMAP Servers

Published: 9/23/2004

Updated: 3/6/2019

Nessus ID: 14804

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:alt-n:mdaemon

Reference Information

CVE: CVE-2004-1546

BID: 11238