PT-2001-1782 · Alt N · Alt-N Mdaemon

Published: 2001-07-27 · Updated: 2017-12-19 · CVE-2001-0584

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Alt-N MDaemon version 3.5.6; version 5.0.7; versions 6.0.0 through 6.0.7; version 6.5.0; versions 6.7.5 through 6.7.9
Description: A buffer overflow in the IMAP service allows a remote attacker with a valid user account to cause a denial of service. The overflow occurs when a SELECT or EXAMINE command is followed by a string of 250 characters or more; the connection to the service closes and the service stops responding. The service must be restarted to regain normal functionality.
Recommendations: For Alt-N MDaemon version 3.5.6, consider disabling the IMAP service until a patch is available. For Alt-N MDaemon version 5.0.7, restrict access to the IMAP service to minimize the risk of exploitation. For Alt-N MDaemon versions 6.0.0 through 6.0.7, avoid using the SELECT and EXAMINE commands with long strings until the issue is resolved. For Alt-N MDaemon version 6.5.0, limit the length of strings used in IMAP commands to prevent the buffer overflow. For Alt-N MDaemon versions 6.7.5 through 6.7.9, apply configuration changes to restrict the IMAP service and prevent denial of service attacks.
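
A detection check for the condition described above, as an added example that is not part of the original advisory or of any MDaemon tooling: it parses client-to-server IMAP lines and flags SELECT or EXAMINE arguments of 250 characters or more. The input format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Largest argument length that stays below the advisory's 250-character threshold.
MAX_MAILBOX_LEN = 249

# tag SP command SP argument; the argument is a quoted string, a literal
# announcement such as {300}, or a bare atom.
_CMD = re.compile(r'^(\S+) +(SELECT|EXAMINE) +(.*)$', re.IGNORECASE)
_LITERAL = re.compile(r'^\{(\d+)\+?\}$')


def mailbox_arg_length(line):
    """Return (command, argument_length) for a SELECT/EXAMINE line, else None."""
    m = _CMD.match(line.rstrip('\r\n'))
    if not m:
        return None
    command, arg = m.group(2).upper(), m.group(3).strip()
    lit = _LITERAL.match(arg)
    if lit:
        # Literal form: the client announces the byte count before sending it.
        return command, int(lit.group(1))
    if len(arg) >= 2 and arg.startswith('"') and arg.endswith('"'):
        # Quoted string: drop the quotes and undo \" and \\ escapes.
        arg = re.sub(r'\\(["\\])', r'\1', arg[1:-1])
    return command, len(arg)


def flag_oversized(lines, limit=MAX_MAILBOX_LEN):
    """Yield (line_number, command, length) for arguments longer than limit."""
    for n, line in enumerate(lines, 1):
        parsed = mailbox_arg_length(line)
        if parsed and parsed[1] > limit:
            yield n, parsed[0], parsed[1]


# Constructed sample of client-to-server IMAP lines (not real traffic).
SAMPLE = [
    'a001 LOGIN alice secret',
    'a002 SELECT INBOX',
    'a003 EXAMINE "Sent Items"',
    'a004 select ' + 'A' * 250,
    'a005 EXAMINE {300}',
    'a006 SELECT "' + 'B' * 249 + '"',
]

if __name__ == '__main__':
    for hit in flag_oversized(SAMPLE):
        print('line %d: %s argument of %d characters' % hit)
```

The same check can run over a proxy's command log or decoded capture output; the quoted-string case at exactly 249 characters is included to show the boundary is not flagged.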


Related identifiers: CVE-2001-0584

Affected products: Alt-N Mdaemon