|
Advisory Name:MDaemon IMAP Denial Of Service
Discovered:23rd Of March 2001
Application:Alt-N Technologies MDaemon 3.5.6 -
Other versions most likely prior to this
Platform:Windows 2k,95/98/NT - others unknown
Severity:Denial of service from application
Credit:Liamer@eircom.net
Vendor Status:Unknown - http://www.mdaemon.com/
Overview:
Some of the commands for the IMAP server do not
have proper bounds checking, enabling a user to
shutdown the service remotely.It should be noted that
a user account is required.The commands affected
are SELECT and EXAMINE.The SELECT command
selects a mailbox so that messages in it can be
accessed.EXAMINE works in the same way as
SELECT, however the mailbox is marked as read-
only and cannot be modified.
Demonstration:
Connect to the service which runs on port 143 default
and login with the username and pass.
* OK company.mail IMAP4rev1 MDaemon 3.5.6 ready
1 LOGIN JOE PASSWORD
* OK LOGIN completed
1 SELECT AAAAAAA....
Where A is more than 250 characters in length, once
this is sent, MDaemon will send back the following
error before closing the connection and terminating:
1 NO Mailbox does not exist
A restart of the application is needed to resume the
service, no other applications are affected and the
operating system performs as usual.
liamer@eircom.net
|
