Vulnerabilities > CVE-2006-4364 - Remote Pre-Authentication POP3 Buffer Overflow vulnerability in Alt-N MDaemon
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
Vulnerable Configurations
Exploit-Db
description MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC. CVE-2006-4364. Dos exploit for windows platform file exploits/windows/dos/2245.pl id EDB-ID:2245 last seen 2016-01-31 modified 2006-08-22 platform windows port published 2006-08-22 reporter Leon Juranic source https://www.exploit-db.com/download/2245/ title MDaemon POP3 Server < 9.06 - USER Remote Buffer Overflow PoC type dos description MDaemon POP3 Server < 9.06 (USER) Remote Heap Overflow Exploit. CVE-2006-4364. Remote exploit for windows platform id EDB-ID:2258 last seen 2016-01-31 modified 2006-08-26 published 2006-08-26 reporter muts source https://www.exploit-db.com/download/2258/ title MDaemon POP3 Server < 9.06 - USER Remote Heap Overflow Exploit
Nessus
NASL family | Windows |
NASL id | MDAEMON_906.NASL |
description | According to its banner, the POP3 server bundled with the version of MDaemon on the remote host has two buffer overflows that can be triggered with long arguments to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22256 |
published | 2006-08-23 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22256 |
title | MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overflow |
code |
|
References
- http://files.altn.com/MDaemon/Release/RelNotes_en.txt
- http://secunia.com/advisories/21595
- http://securityreason.com/securityalert/1446
- http://securitytracker.com/id?1016729
- http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04
- http://www.osvdb.org/28125
- http://www.securityfocus.com/archive/1/444015/100/0/threaded
- http://www.securityfocus.com/bid/19651
- http://www.vupen.com/english/advisories/2006/3361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28517
- https://www.exploit-db.com/exploits/2245