eeye.99-02-20.mdaemon_dos
367f53a3e1c1cf4af9867f9aabb502047c682b336619dd3153731e9c1c6c939e
[INLINE] [INLINE]
[INLINE] eEyelogosmall
Home Hire News Alerts Articles Books Tools Links Contact Press
[INLINE] [INLINE] [INLINE]
eEye - Digital Security Team Alert
MDaemon Remote DoS Attack
Systems Affected
MDaemon v.2.7 mdsp(5)
Release Date
February 20, 1999
Advisory Code
AD02201999
Description:
There is a buffer overflow in MDaemon's SMTP server. The "helo" command will cause MDaemon to crash
if aprox. 360 characters are appended to it.
If MDaemon is running as a service the service will exit and no messages are displayed on the
screen. If MDaemon is run as a background task (default) the typical overflow message is displayed.
There is not much to expand on.... just a simple hole we found with Retina while testing. More to
come later this week.
Vendor Status
We contacted the vender a week ago, STILL Waiting for a response...
Copyright (c) 1999 eEye Digital Security Team
Permission is hereby granted for the redistribution of this alert electronically. It is not to be
edited in any way without express consent of eEye. If you wish to reprint the whole or any part of
this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for
permission.
Disclaimer:
The information within this paper may change without notice. Use of this information constitutes
acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is at the user's own risk.
Please send suggestions, updates, and comments to:
eEye Digital Security Team
info@eEye.com
http://www.eEye.com
[INLINE]
[LINK]
[INLINE]
Copyright © 1998-1999 eEye.com - All Rights Reserved. eEye is an www.eCompany.com Venture.