Alt-N MDaemon IMAP/SMTP Server Multiple Remote Buffer Overflow Vulnerabilities

Alt-N MDaemon is reportedly prone to multiple remote buffer overflow vulnerabilities. The vulnerabilities are likely due to a failure of the application to properly validate buffer sizes when processing command argument input.

By sending a large argument to certain SMTP commands or an IMAP command it is possible to cause this issue to present itself. Apparently, the application will not validate the size of the input before copying it into a finite buffer in process memory.

These issues can be leveraged to cause the affected process to crash, denying service to legitimate users. It is conjectured that these issues can also be leveraged to execute arbitrary code with the privileges of the user running the server on an affected computer.


Privacy Statement
Copyright 2010, SecurityFocus