Alt-n ≫ Mdaemon

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.

Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.

Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.

MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.

Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.

Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.

Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.

Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).

Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.

IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.