Vulnerabilities > CVE-2006-4364 - Remote Pre-Authentication POP3 Buffer Overflow vulnerability in Alt-N MDaemon

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

alt-n

nessus

exploit available

NVD

Published: 2006-08-27

Updated: 2018-10-17

Summary

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.

Vulnerable Configurations

Part	Description	Count
Application	Alt-N ALT N Mdaemon 2.8 ALT N Mdaemon 2.8.5.0 ALT N Mdaemon 2.71_Sp1 ALT N Mdaemon 3.0.3 ALT N Mdaemon 3.0.4 ALT N Mdaemon 3.1.1 ALT N Mdaemon 3.1.2 ALT N Mdaemon 3.1_Beta ALT N Mdaemon 3.5.0 ALT N Mdaemon 3.5.1 ALT N Mdaemon 3.5.4 ALT N Mdaemon 3.5.6 ALT N Mdaemon 5.0 ALT N Mdaemon 5.0.1 ALT N Mdaemon 5.0.2 ALT N Mdaemon 5.0.3 ALT N Mdaemon 5.0.4 ALT N Mdaemon 5.0.5 ALT N Mdaemon 5.0.6 ALT N Mdaemon 5.0.7 ALT N Mdaemon 6.0 ALT N Mdaemon 6.0.5 ALT N Mdaemon 6.0.6 ALT N Mdaemon 6.0.7 ALT N Mdaemon 6.5.0 ALT N Mdaemon 6.5.1 ALT N Mdaemon 6.5.2 ALT N Mdaemon 6.7.5 ALT N Mdaemon 6.7.9 ALT N Mdaemon 6.8.0 ALT N Mdaemon 6.8.1 ALT N Mdaemon 6.8.2 ALT N Mdaemon 6.8.3 ALT N Mdaemon 6.8.4 ALT N Mdaemon 6.8.5 ALT N Mdaemon 7.2 ALT N Mdaemon 8.1.1 ALT N Mdaemon 8.1.3 ALT N Mdaemon 8.1.4 ALT N Mdaemon 9.0.1 ALT N Mdaemon 9.0.2 ALT N Mdaemon 9.0.3 ALT N Mdaemon 9.0.4 ALT N Mdaemon 9.0.5	47

Exploit-Db

description	MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC. CVE-2006-4364. Dos exploit for windows platform
file	exploits/windows/dos/2245.pl
id	EDB-ID:2245
last seen	2016-01-31
modified	2006-08-22
platform	windows
port
published	2006-08-22
reporter	Leon Juranic
source	https://www.exploit-db.com/download/2245/
title	MDaemon POP3 Server < 9.06 - USER Remote Buffer Overflow PoC
type	dos

description	MDaemon POP3 Server < 9.06 (USER) Remote Heap Overflow Exploit. CVE-2006-4364. Remote exploit for windows platform
id	EDB-ID:2258
last seen	2016-01-31
modified	2006-08-26
published	2006-08-26
reporter	muts
source	https://www.exploit-db.com/download/2258/
title	MDaemon POP3 Server < 9.06 - USER Remote Heap Overflow Exploit

Nessus

NASL family	Windows
NASL id	MDAEMON_906.NASL
description	According to its banner, the POP3 server bundled with the version of MDaemon on the remote host has two buffer overflows that can be triggered with long arguments to the
last seen	2020-06-01
modified	2020-06-02
plugin id	22256
published	2006-08-23
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22256
title	MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overflow
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(22256); script_version("1.17"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2006-4364"); script_bugtraq_id(19651); script_name(english:"MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overflow"); script_summary(english:"Checks version of MDaemon POP3 Server"); script_set_attribute(attribute:"synopsis", value: "The remote POP3 server is affected by multiple buffer overflow flaws."); script_set_attribute(attribute:"description", value: "According to its banner, the POP3 server bundled with the version of MDaemon on the remote host has two buffer overflows that can be triggered with long arguments to the 'USER' and 'APOP' commands. By exploiting these issues, a remote, unauthenticated user can reportedly crash the affected service or run arbitrary code with LOCAL SYSTEM privileges."); script_set_attribute(attribute:"see_also", value:"http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/444015/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"http://files.altn.com/MDaemon/Release/RelNotes_en.html"); script_set_attribute(attribute:"solution", value:"Upgrade to MDaemon version 9.0.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/23"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:alt-n:mdaemon"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_dependencies("mdaemon_detect.nasl"); script_require_keys("mdaemon/installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); port = get_kb_item_or_exit("mdaemon/port"); version = get_kb_item_or_exit("mdaemon/"+port+"/version"); source = get_kb_item_or_exit("mdaemon/"+port+"/source"); fix = "9.0.6"; if (version =~ "^([0-8]\.\|9\.0\.[0-5]($\|[^0-9]))") { if (report_verbosity > 0) { report = '\n' + '\n Source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "MDaemon", port, version);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References