5/6/03
A buffer overflow condition exists in MDaemon's IMAP service
in the processing of the CREATE command, which is
used to create mailboxes. An attacker with an IMAP account
on the vulnerable server could crash the IMAP, POP, SMTP, and LDAP services or execute arbitrary
commands with System privileges.
MDaemon 6.7.9 and earlier are affected by this vulnerability.
There are three vulnerabilities in MDaemon which could lead to a denial of service. Sending a very long string to the IMAP service which is included in MDaemon could cause MDaemon to crash, thus denying service not only to IMAP but also POP and SMTP.
3/27/01
CAN 2001-0064
CAN 2001-0583
The other two problems are denial-of-service
vulnerabilities affecting the web
configuration service and the Worldclient.
An attacker could exploit the vulnerability
by sending a request for a very long URL or
a request for a DOS device.
For more information on the older vulnerabilities, see Defcom Labs Advisories 2000-03 and 2001-11.