CVE-2006-4364

Name of the Vulnerable Software and Affected Versions Alt-N MDaemon versions 9.0.5 and prior

Description The issue is related to multiple heap-based buffer overflows in the POP3 server. These overflows can be triggered by remote attackers sending long strings that contain '@' characters in the USER and APOP commands, potentially leading to a denial of service (daemon crash) and possibly allowing the execution of arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Alt-N MDaemon versions 9.0.5 and prior, update to version 9.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the POP3 server or limiting the length of input strings for the USER and APOP commands until a patch is applied.