CVE-2006-4364

EPSS 54.6%

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/2245unverified exploitdbwww.exploit-db.com/exploits/2258unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://files.altn.com/MDaemon/Release/RelNotes_en.txt http://secunia.com/advisories/21595 http://securityreason.com/securityalert/1446 http://securitytracker.com/id?1016729 https://exchange.xforce.ibmcloud.com/vulnerabilities/28517 https://www.exploit-db.com/exploits/2245 http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04 http://www.osvdb.org/28125 http://www.securityfocus.com/archive/1/444015/100/0/threaded http://www.securityfocus.com/bid/19651 http://www.vupen.com/english/advisories/2006/3361