MDaemon Vulnerable to a Denial of Service (DoS) Attack

Reported December 19 by Defcom Labs

VERSIONS AFFECTED
  • MDaemon 3.5.0

DESCRIPTION

A Denial of Service (DoS) attack has been discovered in MDaemon 3.5.0. By sending a long character string followed with \r\n to port 143 (IMAP), a malicious user can cause all MDaemon services to stop responding.

VENDOR RESPONSE

Deerfield has released a new version of MDaemon, 3.5.1.0 and is available at the following URL;

http://mdaemon.deerfield.com/download/getmdaemon.cfm

CREDIT
Discovered b
y Defcom Labs

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish