From: nitr0sHOTMAIL.COM
Date: Sat Mar 24 2001 - 19:49:21 CST

    Advisory Name: MDaemon IMAP Denial Of Service
       Discovered: 23rd of March 2001
      Application: Alt-N Technologies MDaemon 3.5.6 -
                   earlier versions are most likely affected too
         Platform: Windows 2k, 95/98/NT - others unknown
         Severity: Denial of service from application
           Credit: Liamereircom.net
    Vendor Status: Unknown - http://www.mdaemon.com/

    Overview:

    Some of the commands for the IMAP server do not
    have proper bounds checking, enabling a user to
    shut down the service remotely. It should be noted that
    a user account is required. The commands affected
    are SELECT and EXAMINE. The SELECT command
    selects a mailbox so that messages in it can be
    accessed. EXAMINE works in the same way as
    SELECT; however, the mailbox is marked as read-only
    and cannot be modified.

    Demonstration:

    Connect to the service, which runs on port 143 by default,
    and log in with the username and password.

    * OK company.mail IMAP4rev1 MDaemon 3.5.6 ready

    1 LOGIN JOE PASSWORD
    * OK LOGIN completed
    1 SELECT AAAAAAA....

    Where the string of A characters is more than 250
    characters long. Once this is sent, MDaemon sends back
    the following error before closing the connection and
    terminating:

    1 NO Mailbox does not exist

    A restart of the application is needed to resume the
    service. No other applications are affected, and the
    operating system performs as usual.

    liamereircom.net
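
Added example, not part of the original advisory and not MDaemon's code: a sketch in C of the bounds check the advisory says SELECT and EXAMINE lack, measuring the mailbox argument and rejecting an over-long one before anything is copied. The 250-character limit is an assumed policy value taken from the advisory's threshold, the function and constant names are hypothetical, and quoted strings and IMAP literals are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_MAILBOX 250 /* assumed policy limit, from the advisory's threshold */

enum parse_result { PARSE_OK, PARSE_NOT_MAILBOX_CMD, PARSE_MALFORMED, PARSE_TOO_LONG };

/* Case-insensitive match of the n-byte word at s against an upper-case keyword. */
static int word_is(const char *s, size_t n, const char *kw)
{
    if (strlen(kw) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != kw[i]) return 0;
    return 1;
}

/* Parse "<tag> SELECT|EXAMINE <mailbox>"; copy the name only if it fits. */
enum parse_result parse_mailbox_cmd(const char *line, char *out, size_t outsz)
{
    const char *p = line;
    while (*p && *p != ' ') p++;               /* skip the tag */
    if (p == line || *p != ' ') return PARSE_MALFORMED;
    const char *cmd = ++p;
    while (*p && *p != ' ' && *p != '\r' && *p != '\n') p++;
    size_t cmdlen = (size_t)(p - cmd);
    if (!word_is(cmd, cmdlen, "SELECT") && !word_is(cmd, cmdlen, "EXAMINE"))
        return PARSE_NOT_MAILBOX_CMD;
    if (*p != ' ') return PARSE_MALFORMED;     /* command with no argument */
    p++;
    size_t len = strcspn(p, "\r\n");           /* measure before any copy */
    if (len == 0) return PARSE_MALFORMED;
    if (len > MAX_MAILBOX || len >= outsz) return PARSE_TOO_LONG;
    memcpy(out, p, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char name[MAX_MAILBOX + 1], big[400] = "1 SELECT "; /* constructed input */
    memset(big + 9, 'A', 300);
    big[309] = '\0';
    printf("%d\n", parse_mailbox_cmd("1 SELECT INBOX\r\n", name, sizeof name));
    printf("%d\n", parse_mailbox_cmd(big, name, sizeof name));
    return 0;
}
```

A server using a check like this would answer PARSE_TOO_LONG with a tagged NO or BAD response and keep the session and the service running.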