mailing list archives
RE: MDaemon SMTP/POP/IMAP server DoS
From: "Basil Hussain" <basil.hussain () kodakweddings com>
Date: Wed, 30 Oct 2002 10:10:02 -0000
The website still offers 6.0.7 (vulnerable) version for download,
So apparently no workaround exists except for shutting it down until
the patch or newer version is available.
I got this in response to my enquiry with AltN about a fix for the problem:
This has been fixed in 6.5 which will be released later today.
If you are under valid upgrade protection you should get it for
I have just installed and tested 6.5 and it appears not to be vulnerable:
+OK somedomain.com POP MDaemon 6.5.0 ready
<MDAEMON-F200210300930.AA305746MD1473 () somedomain com>
+OK blah... Recipient ok
+OK blah () somedomain com's mailbox has 11 total messages (33599 octets).
-ERR no such message
+OK blah () somedomain com somedomain.com POP Server signing off (11 messages
Note that for large integers it just returns from the UIDL command as if no
argument were passed at all, but for even larger strings of digits, it
errors that no such message exists.