|
|
Family: Gain root remotely --> Category: mixed
MDaemon IMAP Server Format String Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for format string vulnerability in MDaemon IMAP server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is affected by a format string vulnerability.
Description :
The remote host is running Alt-N MDaemon, an SMTP/IMAP server for the
Windows operating system family.
The IMAP server component of MDaemon is affected by a format string
vulnerability involving folders with format string specifiers in their
names . An authenticated attacker can leverage this issue to cause
the remote host to consume excessive CPU resources.
Further, given the nature of format string vulnerabilities, this issue
is likely to lead to the execution of arbitrary code as LOCAL SYSTEM.
See also :
http://www.nsag.ru/vuln/888.html
http://files.altn.com/MDaemon/Release/RelNotes_en.txt
Solution :
Upgrade to MDaemon 8.15 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
