CVE-2002-1539

Name of the Vulnerable Software and Affected Versions MDaemon versions 6.0.0 through 6.0.7

Description The issue allows remote authenticated users to cause a denial of service via long arguments in the DELE or UIDL commands, resulting in a buffer overflow. By sending a DELE or UIDL command of more than 32 bytes to a vulnerable host, a remote attacker with a valid mail account could overflow a buffer and cause all of MDaemon's mail services to crash. MDaemon must be restarted to regain normal functionality.

Recommendations For MDaemon versions 6.0.0 through 6.0.7, consider restricting access to the DELE and UIDL commands until a patch is available to prevent the buffer overflow. As a temporary workaround, limit the length of arguments accepted by these commands to prevent the denial of service.