SMTP: MDaemon Mail Server Overflow

This signature detects attempts to exploit a known vulnerability against the MDaemon mail server. MDaemon 6.7.9 and older versions are vulnerable. Attackers can send an overly long SMTP, SAML, SOML, or SEND command to overflow the buffer and crash the MDaemon service; attackers can also obtain complete server control with SYSTEM level access.

Extended Description

A vulnerability in the MDaemon email server is caused by user-supplied strings which are improperly checked. This could enable an attacker to cause a denial of service, or execute arbitrary commands on a system with the privileges of the current account running the MDaemon email server.

Short Name
APP:MDAEMON:SEND-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
MDaemon Mail Overflow Server
Release Date
09/30/2004
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3375
False Positive
Unknown

Found a potential security threat?