CVE-2006-4364

Published: 27/08/2006 Updated: 17/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon prior to 9.0.6 allow remote malicious users to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.

Vulnerable Product

alt-n mdaemon 3.1_beta

alt-n mdaemon 3.5.0

alt-n mdaemon 5.0.1

alt-n mdaemon 5.0.2

alt-n mdaemon 6.0

alt-n mdaemon 6.0.5

alt-n mdaemon 6.0.6

alt-n mdaemon 6.8.0

alt-n mdaemon 6.8.1

alt-n mdaemon 8.1.3

alt-n mdaemon 8.1.4

alt-n mdaemon 3.0.3

alt-n mdaemon 3.0.4

alt-n mdaemon 3.5.4

alt-n mdaemon 5.0.5

alt-n mdaemon 5.0.6

alt-n mdaemon 6.5.1

alt-n mdaemon 6.5.2

alt-n mdaemon 6.8.4

alt-n mdaemon 6.8.5

alt-n mdaemon 9.0.3

alt-n mdaemon 9.0.4

alt-n mdaemon 2.71_sp1

alt-n mdaemon 2.8

alt-n mdaemon 2.8.5.0

alt-n mdaemon 3.5.1

alt-n mdaemon 5.0.3

alt-n mdaemon 5.0.4

alt-n mdaemon 6.0.7

alt-n mdaemon 6.5.0

alt-n mdaemon 6.8.2

alt-n mdaemon 6.8.3

alt-n mdaemon 9.0.1

alt-n mdaemon 9.0.2

alt-n mdaemon 3.1.1

alt-n mdaemon 3.1.2

alt-n mdaemon 3.5.6

alt-n mdaemon 5.0

alt-n mdaemon 5.0.7

alt-n mdaemon 6.7.5

alt-n mdaemon 6.7.9

alt-n mdaemon 7.2

alt-n mdaemon 8.1.1

alt-n mdaemon 9.0.5

Exploits

#
# PoC for Mdaemon POP3 preauth heap overflow
#
# Coded by Leon Juranic <leonjuranic@infigohr>
# Infigo IS <wwwinfigohr>
#
#
$host = '1921680105';
use IO::Socket;
for ($x = 0 ; $x < 12 ; $x++) {
    $sock = new IO::Socket::INET (PeerAddr => $host,PeerPort => '110', Proto => 'tcp') || die "socket error\n\n";
...

#!/usr/bin/python
import sys
import struct
import socket
from time import sleep
########################################################################################
# MDaemon Pre Authentication (USER) Heap Overflow
# Code based on Leon Juranic's exploit
# Coded by muts - mati@see-securitycom
# wwwhackingdefinedcom
# wwwremote ...