[INLINE] [INLINE]
   [INLINE] eEyelogosmall
   Home Hire News Alerts Articles Books Tools Links Contact Press 
   [INLINE] [INLINE] [INLINE]
   
   eEye - Digital Security Team Alert
   
   MDaemon Remote DoS Attack
   Systems Affected
   MDaemon v.2.7 mdsp(5)
   Release Date
   February 20, 1999
   Advisory Code
   AD02201999
   Description:
   There is a buffer overflow in MDaemon's SMTP server. The "helo" command will cause MDaemon to crash
   if aprox. 360 characters are appended to it.
   If MDaemon is running as a service the service will exit and no messages are displayed on the
   screen. If MDaemon is run as a background task (default) the typical overflow message is displayed.
   There is not much to expand on.... just a simple hole we found with Retina while testing. More to
   come later this week.
   Vendor Status
   We contacted the vender a week ago, STILL Waiting for a response...
   Copyright (c) 1999 eEye Digital Security Team
   
   Permission is hereby granted for the redistribution of this alert electronically. It is not to be
   edited in any way without express consent of eEye. If you wish to reprint the whole or any part of
   this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for
   permission.
   
   Disclaimer:
   
   The information within this paper may change without notice. Use of this information constitutes
   acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
   In no event shall the author be liable for any damages whatsoever arising out of or in connection
   with the use or spread of this information. Any use of this information is at the user's own risk.
   
   Please send suggestions, updates, and comments to:
   
   eEye Digital Security Team
   
   info@eEye.com
   http://www.eEye.com
   [INLINE]
   [LINK] 
   [INLINE]
   
        Copyright © 1998-1999 eEye.com - All Rights Reserved. eEye is an www.eCompany.com Venture.