MDaemon IMAP FETCH command buffer overflow

Added: 03/31/2008
CVE: CVE-2008-1358
BID: 28245
OSVDB: 43111

Background

MDaemon is an e-mail server for Windows.

Problem

A buffer overflow vulnerability in the IMAP service allows authenticated users to execute arbitrary commands by sending a FETCH command with a long BODY.
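
The following is an added detection example, not part of the original advisory or of MDaemon: it scans IMAP client command lines for FETCH requests carrying an oversized BODY data item. It assumes the long data sits in the bracketed section of a BODY or BODY.PEEK item; the 256-byte threshold, the function names and the sample lines are constructed for illustration.

```python
import re

# Assumed threshold: legitimate section specs are short, for example
# BODY[HEADER.FIELDS (FROM TO SUBJECT)]. Tune it against your own traffic.
MAX_BODY_ITEM_LEN = 256

# tag, optional UID prefix, FETCH, sequence set, then the data items.
FETCH_RE = re.compile(rb"^(\S+) +(?:UID +)?FETCH +(\S+) +(.*)$",
                      re.IGNORECASE | re.DOTALL)
# Start of a BODY or BODY.PEEK data item with a section specifier.
BODY_RE = re.compile(rb"BODY(?:\.PEEK)?\[", re.IGNORECASE)


def body_item_lengths(items):
    """Length of each BODY[...] item, from 'BODY' through the closing ']'.
    A section with no closing bracket is measured to the end of the line."""
    lengths = []
    for m in BODY_RE.finditer(items):
        end = items.find(b"]", m.end())
        stop = len(items) if end == -1 else end + 1
        lengths.append(stop - m.start())
    return lengths


def check_line(line, limit=MAX_BODY_ITEM_LEN):
    """Return (tag, longest_item_length) for a FETCH over the limit, else None."""
    m = FETCH_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    lengths = body_item_lengths(m.group(3))
    if lengths and max(lengths) > limit:
        return m.group(1).decode("ascii", "replace"), max(lengths)
    return None


def scan(lines, limit=MAX_BODY_ITEM_LEN):
    """Run check_line over an iterable of raw client lines."""
    return [hit for hit in (check_line(l, limit) for l in lines) if hit]


# Constructed sample client lines (not captured traffic).
SAMPLE = [
    b"a001 LOGIN user pass\r\n",
    b"a002 FETCH 1:5 (FLAGS BODY.PEEK[HEADER.FIELDS (FROM SUBJECT)])\r\n",
    b"a003 UID FETCH 7 BODY[TEXT]<0.2048>\r\n",
    b"a004 FETCH 1 BODY[" + b"X" * 1000 + b"]\r\n",
    b"a005 fetch 2 (body[" + b"Y" * 300 + b"\r\n",
]

if __name__ == "__main__":
    for tag, n in scan(SAMPLE):
        print(f"ALERT tag={tag} BODY item length={n}")
```

Because the flaw is reachable only after login, correlating an alert with the authenticated account on the same connection identifies which credentials were used.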

Resolution

Upgrade to MDaemon 9.6.5.

References

http://secunia.com/advisories/29382/

Limitations

The exploit works on MDaemon 9.6.4 and requires the login and password of a valid IMAP user.

Platforms

Windows 2000
Windows Server 2003
