----- Forwarded message from Secunia Security Advisories <[EMAIL PROTECTED]> -----
TITLE: MDaemon IMAP Mail Folder Name Denial of Service SECUNIA ADVISORY ID: SA18921 VERIFY ADVISORY: http://secunia.com/advisories/18921/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: MDaemon 8.x http://secunia.com/product/5407/ DESCRIPTION: Nemesis Security Audit Group has discovered a vulnerability in MDaemon, which potentially can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of IMAP mail folder names containing format string specifiers. This can be exploited to cause the service to consume large amount of CPU resources by first creating email folders with format string specifiers in their names and then listing them. The vulnerability has been confirmed in version 8.1.4 and also reported in version 8.1.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nemesis Security Audit Group ORIGINAL ADVISORY: http://www.nsag.ru/vuln/888.html -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dalam format HTML! Arsip : <http://mdaemon-l.dutaint.com> Henti Langgan : <mailto:[EMAIL PROTECTED]> Berlangganan : <mailto:[EMAIL PROTECTED]> Versi Terakhir : MD 8.1.4, LD 2.1.0, WA 3.1.7, MDAV 2.2.9, MDOC 2.0.5
