MDaemon Vulnerabilities

Updated 5/6/03
CAN 2001-0064
CAN 2001-0583

Impact

A buffer overflow in MDaemon could allow a remote attacker to cause multiple network services to shut down.

Background

MDaemon is an e-mail server for Windows. It includes SMTP, POP, and IMAP services, a web-based e-mail client, and a web configuration service.

The Problem

IMAP CREATE Buffer Overflow

5/6/03
A buffer overflow condition exists in MDaemon's IMAP service in the processing of the CREATE command, which is used to create mailboxes. An attacker with an IMAP account on the vulnerable server could crash the IMAP, POP, SMTP, and LDAP services or execute arbitrary commands with System privileges.

MDaemon 6.7.9 and earlier are affected by this vulnerability.

MDaemon Denial of Service

There are three vulnerabilities in MDaemon which could lead to a denial of service. Sending a very long string to the IMAP service which is included in MDaemon could cause MDaemon to crash, thus denying service not only to IMAP but also POP and SMTP.

3/27/01
CAN 2001-0064
CAN 2001-0583
The other two problems are denial-of-service vulnerabilities affecting the web configuration service and the Worldclient. An attacker could exploit the vulnerability by sending a request for a very long URL or a request for a DOS device.

Resolution

Upgrade to MDaemon 6.8.0 or higher. This version will presumably contain a fix. If version 6.8.0 is not yet available, it would be advisable to disable the IMAP service and use POP instead.

Where can I read more about this?

The buffer overflow in IMAP was posted to Bugtraq.

For more information on the older vulnerabilities, see Defcom Labs Advisories 2000-03 and 2001-11.