[15062] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

MDaemon Mail Server DoS - FIXED

daemon@ATHENA.MIT.EDU (Arvel Hathcock)
Fri May 26 00:09:59 2000

X-Mdaemon-Deliver-To: BUGTRAQ@SECURITYFOCUS.COM
X-Mdrcpt-To: BUGTRAQ@SECURITYFOCUS.COM
Message-Id:  <MDAEMON-F200005251349.AA494288md50000498299@altn.com>
Date:         Thu, 25 May 2000 13:49:42 -0500
Reply-To: Arvel@altn.com
From: Arvel Hathcock <Arvel@ALTN.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <NCBBJHKLEKDDKGOCJBBPEEKAGCAA.jnj@pobox.com>

> Deerfield Communications (the Wingate perpetrators) MDaemon POP
> server is vulnerable to bigass usernames causing a DoS.  MDaemon is a
> mail server package for 95,98,NT and Win2k.  Many systems that run
> Deerfield's World Client web-mail also use MDaemon.
>
> Exploit tested on Win2kpro running MDaemon 3.0.3

Thanks for pointing this out.  We have since fixed this problem in our
mail server.  There are patches and new complete installation archives
which address this problem here:

ftp://ftp.altn.com/MDaemon/Release/

Thanks again!

Arvel Hathcock - CEO Alt-N Technologies
=======================================
MDaemon - http://www.mdaemon.com
RelayFax - http://www.relayfax.com
WorldClient - http://www.worldclient.com
========================================


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15062] in bugtraq

MDaemon Mail Server DoS - FIXED

daemon@ATHENA.MIT.EDU (Arvel Hathcock)Fri May 26 00:09:59 2000

daemon@ATHENA.MIT.EDU (Arvel Hathcock)
Fri May 26 00:09:59 2000