Links
- Other Posts
- Cisco IOS Advisory
- Advanced Phishing Advisory
MDaemon IMAP Advisory
GSA Reference Number: AD080317-01
Simply Put: Alt-N MDaemon’s IMAP Server is vulnerable to a remote buffer overflow. The IMAP server’s FETCH command does not perform boundary checking on user input. Successful exploitation could result in compromise of the affected system.
Attack Details: Further details have not been released at this time, but exploit code is available on Security Focus’s website. To exploit the vulnerability, the attacker needs a username and password to log in to IMAP.
Countermeasures: Alt-N has not released a patch for this vulnerability yet. Gladiator recommends disabling IMAP access from the Internet. If external email access is necessary, setup Secure POP3 access until MDaemon is patched.
Reference Links:
- Security Focus Advisory (http://www.securityfocus.com/bid/28245)
Note: Most institutions do not allow IMAP access over the Internet, so this advisory has not been marked for email alerting.