Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gain a shell remotely --> Category: infos

MDaemon IMAP CREATE overflow Vulnerability Scan

Vulnerability Scan Summary
Acertains the version number of the remote IMAP server

Detailed Explanation for this Vulnerability Test

It is possible to crash the remote MDaemon server by suppling
an oversized argument to the CREATE imap command.

A possible hacker may use this flaw to prevent other users from
fetching their e-mail. It will also crash other MDaemon services
(SMTP, POP), thus preventing this server from receiving any email
as well, or even to execute arbitrary code on this host with the
rights of the mdaemon IMAP daemon.

To exploit this flaw, a valid IMAP account is needed.

*** Nessus solely relied on the version number of the remote server
*** to issue this warning.

Solution : upgrade to MDaemon 6.7.10 or newer
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.