CVE-2004-1546
published 2004-12-31CVE-2004-1546: Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
31.08%
98.0th percentile
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alt-n | mdaemon | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow
exploitdb·2004-09-22
CVE-2004-1546 Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow
Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow
---
/////////////////////////////////////////////////////////////
// Remote proof-of-concept exploit //
// for //
// Mdaemon IMAP server v6.5.1 //
// and //
// possible other version. //
// Find bug: D_BuG. //
// Author: D_BuG. //
// [email protected] //
// Data: 16/09/2004 //
// NOT PUBLIC! //
// //
/////////////////////////////////////////////////////////////
#include
#include
#include
#include
#include
#include
int sock,err;
struct sockaddr_in sa;
int main (int argc, char *argv[])
{
printf("Remote proof-of-concept(buffer overflow) exploit\n");
printf(" for \n");
printf("Mdaemon IMAP server v6.5.1 and possible other version.\n");
if(argc!=3)
{
printf("Usage: %s \n",argv[0]);
printf("e.g.:%s 192.168.1.1 143\n",argv[0]);
exit(-1);
}
Exploit-DB
Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflows
exploitdb·2004-09-16
CVE-2004-1546 Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflows
Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflows
---
// source: https://www.securityfocus.com/bid/11238/info
Alt-N MDaemon is reportedly prone to multiple remote buffer overflow vulnerabilities. The vulnerabilities are likely due to a failure of the application to properly validate buffer sizes when processing command argument input.
By sending a large argument to certain SMTP commands or an IMAP command it is possible to cause this issue to present itself. Apparently, the application will not validate the size of the input before copying it into a finite buffer in process memory.
These issues can be leveraged to cause the affected process to crash, denying service to legitimate users. It is conjectured that these issues can also be leveraged to execute arbitrary co
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026770.htmlhttp://marc.info/?l=bugtraq&m=109591179510781&w=2http://www.osvdb.org/10223http://www.osvdb.org/10224http://www.securityfocus.com/bid/11238http://www.securitylab.ru/48146.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/17476https://exchange.xforce.ibmcloud.com/vulnerabilities/17477http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026770.htmlhttp://marc.info/?l=bugtraq&m=109591179510781&w=2http://www.osvdb.org/10223http://www.osvdb.org/10224http://www.securityfocus.com/bid/11238http://www.securitylab.ru/48146.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/17476https://exchange.xforce.ibmcloud.com/vulnerabilities/17477
2004-12-31
Published