Bugtraq mailing list archives

RE: MDaemon SMTP/POP/IMAP server DoS
From: "Basil Hussain" <basil.hussain () kodakweddings com>
Date: Wed, 30 Oct 2002 10:10:02 -0000

The website still offers 6.0.7 (vulnerable) version for download,
so apparently no workaround exists except for shutting it down until
the patch or newer version is available.

I got this in response to my enquiry with AltN about a fix for the problem:

This has been fixed in 6.5 which will be released later today.
If you are under valid upgrade protection you should get it for

I have just installed and tested 6.5 and it appears not to be vulnerable:

+OK somedomain.com POP MDaemon 6.5.0 ready
<MDAEMON-F200210300930.AA305746MD1473 () somedomain com>
user blah
+OK blah... Recipient ok
pass 123456
+OK blah () somedomain com's mailbox has 11 total messages (33599 octets).
uidl 2147483648
1 MD50000008792:MSG:1168:29523767:3598244718
11 MD50000008802:MSG:4200:29523957:978208478
uidl 2147483649
1 MD50000008792:MSG:1168:29523767:3598244718
11 MD50000008802:MSG:4200:29523957:978208478
uidl 123456789012345678901234567890
-ERR no such message
+OK blah () somedomain com somedomain.com POP Server signing off (11 messages

Note that for large integers it just returns from the UIDL command as if no
argument were passed at all, but for even larger strings of digits, it
errors that no such message exists.

Basil Hussain
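
The session above shows `uidl 2147483648` answered with the full listing, as if no argument had been given. A stricter way to handle the argument, given here as an added example that is not part of the original post and is not MDaemon's code, returns an error for any message number outside 1..count and never lets the accumulator wrap. The names `parse_msg_arg` and `enum msg_arg` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for the hypothetical parse_msg_arg() helper. */
enum msg_arg { MSG_ARG_NONE, MSG_ARG_OK, MSG_ARG_ERR };

/*
 * Parse the optional message-number argument of "UIDL [msg]".
 * arg:   text after the command word (may be NULL or empty)
 * count: number of messages in the maildrop
 * out:   receives the message number on MSG_ARG_OK
 */
enum msg_arg parse_msg_arg(const char *arg, uint32_t count, uint32_t *out)
{
    uint32_t n = 0;
    size_t digits = 0;

    if (arg == NULL)
        return MSG_ARG_NONE;
    while (*arg == ' ')
        arg++;
    if (*arg == '\0')
        return MSG_ARG_NONE;      /* genuinely no argument: list all */

    for (; *arg >= '0' && *arg <= '9'; arg++, digits++) {
        uint32_t d = (uint32_t)(*arg - '0');
        /* Check before multiplying so n can never wrap around. */
        if (n > (UINT32_MAX - d) / 10)
            return MSG_ARG_ERR;
        n = n * 10 + d;
    }
    while (*arg == ' ' || *arg == '\r' || *arg == '\n')
        arg++;
    if (digits == 0 || *arg != '\0')
        return MSG_ARG_ERR;       /* non-digit input or trailing junk */
    if (n < 1 || n > count)
        return MSG_ARG_ERR;       /* caller sends "-ERR no such message" */

    *out = n;
    return MSG_ARG_OK;
}
```

Only `MSG_ARG_NONE` should lead to the multi-line listing; an oversized number is reported as an error instead of falling back to it.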
