Many thanks for providing me an opportunity to respond to the recent
DoS issue reported to Bugtraq. First, let me say that a hotfix
for all our MDaemon/WorldClient Standard customers is available here:
http://www.mdaemon.com/helpdesk/hotfix.htm
and has been available since the very day the
Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability
PROBLEM:
UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use
proper bounds checking.
The following all result in a Denial of Service against the service in
question.
affected services:
WorldClient: Port