Check Point Advisories

MDaemon SMTP and IMAP Command Buffer Overflow (CVE-2004-1546)

Check Point Reference: CPAI-2004-181
Date Published: 24 Feb 2010
Severity: Critical
Last Updated: Wednesday 24 February, 2010
Source:
Industry Reference:CVE-2004-1546
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description MDaemon is a Windows-based email server that provides full mail server functionality. MDaemon supports the SMTP, IMAP and POP3 protocols. A vulnerability exists in the way the MDaemon mail server processes certain SMTP and IMAP commands. A stack buffer overflow occurs when an overly long argument is passed to the certain SMTP and IMAP protocol commands. Exploitation of this vulnerability may lead to a denial of service condition or possibly the execution of arbitrary code with system privileges. When the SMTP vulnerability is triggered, the vulnerable target will generate a memory access violation error. Mdaemon server will crash. This will affect other services in MDaemon server, such as POP3/IMAP. If an attacker could craft the attack string carefully, remote code execution is possible. The actual behavior of the attack target depends on the actual exploit code presented by an attacker. When the IMAP vulnerability is triggered, the vulnerable target will generate a memory access violation error and Mdaemon server will crash. This will also affect other services in MDaemon server, such as POP3/IMAP. mdaemon.exe will be restarted if it was configured to automatically restart service after crictial failure in the system service. In default configuration and setup, mdaemon.exe terminates when it is being attacked and will not restart.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the MDaemon SMTP and IMAP Command Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  SMTP Protection Violation.
Attack Information:  MDaemon SMTP and IMAP command buffer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK