header-logo
Suggest Exploit
vendor:
MDaemon
by:
Unknown
4
CVSS
MEDIUM
Denial of Service
400
CWE
Product Name: MDaemon
Affected Version From: MDaemon 3.5.6
Affected Version To: MDaemon 3.5.6
Patch Exists: NO
Related CWE: CVE-2001-0525
CPE: a:mdaemon:mdaemon:3.5.6
Metasploit:
Other Scripts:
Platforms Tested:
2001

MDaemon IMAP Service Denial of Service

A successfully logged-in user, via IMAP, could cause MDaemon to terminate the connection. If the user submits either a 'SELECT' or 'EXAMINE' command appended with 250 or more characters, MDaemon will refuse any new connections to the IMAP service. A restart of the service is required in order to gain normal functionality.

Mitigation:

Apply the vendor-supplied patch or upgrade to a version that is not affected.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2508/info

A successfully logged-in user, via IMAP, could cause MDaemon to terminate the connection. If the user submits either a 'SELECT' or 'EXAMINE' command appended with 250 or more characters, MDaemon will refuse any new connections to the IMAP service. A restart of the service is required in order to gain normal functionality. 

* OK company.mail IMAP4rev1 MDaemon 3.5.6 ready

1 LOGIN JOE PASSWORD
* OK LOGIN completed
1 SELECT AAAAAAA....

Navigation

Suggest Exploit

Services By CQR

cqrsecured