MDaemon Server 2.5.8.0 Subject to DoS
Reported November 24, 1999 by USSRLABS
VERSIONS AFFECTED
  • MDaemon 2.8.5.0

DESCRIPTION

USSRLabs discovered several denial of service conditions in Deerfield.com's MDaemon Server v2.8.5.0. The problems are the result of buffer overflow conditions within the program code.

DEMONSTRATION

The problem affects the services on ports 2000 (WorldClient) and 2002 (WebConfig). Sending a very long URL (524 chars or more) to the service listening on either port causes that service to crash, denying service to valid users.
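
A defensive check for the condition described above, as an added example that is not part of the original advisory: it flags HTTP request lines bound for ports 2000 or 2002 whose request-target is 524 characters or longer. The record format, the sample records, and the choice to measure length on the request-target are assumptions.

```python
# Added example: flag request lines that meet the URL length the advisory
# reports as crashing MDaemon's WorldClient and WebConfig services.
# Assumptions: the record format (source, destination port, raw request line)
# is hypothetical, and length is counted on the request-target.

CRASH_LEN = 524               # "524 chars or more", from the advisory
WATCHED_PORTS = {2000, 2002}  # WorldClient, WebConfig


def request_target(line: bytes) -> bytes:
    """Return the request-target of an HTTP request line.

    Tolerates a missing HTTP version, since an oversized request line may
    have been truncated by whatever captured it.
    """
    parts = line.strip().split(b" ")
    if len(parts) == 1:
        return parts[0]
    if parts[-1].upper().startswith(b"HTTP/"):
        parts = parts[:-1]          # drop the version token
    return b" ".join(parts[1:])     # everything after the method


def flag_overlong(records, threshold=CRASH_LEN, ports=WATCHED_PORTS):
    """Return (source, port, target_length) for each suspicious record."""
    findings = []
    for src, dport, line in records:
        if dport not in ports:
            continue
        n = len(request_target(line))
        if n >= threshold:
            findings.append((src, dport, n))
    return findings


# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", 2000, b"GET / HTTP/1.0\r\n"),
    ("192.0.2.11", 2000, b"GET /" + b"A" * 522 + b" HTTP/1.0\r\n"),  # 523: below
    ("192.0.2.12", 2002, b"GET /" + b"A" * 523 + b" HTTP/1.0\r\n"),  # 524: flagged
    ("192.0.2.13", 2002, b"GET /" + b"A" * 900),                     # truncated line
    ("192.0.2.14", 80, b"GET /" + b"A" * 900 + b" HTTP/1.0\r\n"),    # unwatched port
]

if __name__ == "__main__":
    for src, dport, n in flag_overlong(SAMPLE):
        print(f"{src} -> port {dport}: request-target of {n} chars (>= {CRASH_LEN})")
```

The same length test can be applied at a filtering proxy or IDS in front of the two ports to reject or alert on such requests before they reach the service.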

VENDOR RESPONSE

USSRLabs notified Deerfield.com about this problem; however, the vendor's response is unknown at this time.

CREDITS
Discovered by USSRLABS

Posted here at NTSecurity.net on November 24, 1999