GEN:SID | 1:2121 |
Message | POP3 DELE negative argument attempt |
Summary | This event is generated when a remote user uses a negative argument in the DELE command sent to port 110 on an internal server. This may indicate an attempt to exploit a boundary checking vulnerability in the POP DELE command in the Alt-N MDaemon mail server.
|
Impact | The service will crash when it attempts to process the command. The attacker must have a valid POP account on the mail server to attempt this exploit.
|
Detailed Information | This event may indicate an attempt to exploit a boundary checking vulnerability in the DELE command on the Alt-N MDaemon POP server. If an authenticated user sends the DELE command with a negative argument to the POP server, the MDaemon service will crash when it attempts to process the command. Note that this exploit can only be attempted by an authenticated user with a valid IMAP account on the server.
|
Affected Systems | Any operating system that runs the following IMAP servers: -Alt-N MDaemon 6.0.0 -Alt-N MDaemon 6.0.5 -Alt-N MDaemon 6.0.6 -Alt-N MDaemon 6.0.7
|
Attack Scenarios | An authenticated user can send a DELE -1 command to the POP server, which will cause the service to crash.
|
Ease of Attack | Simple. Exploits and proof of concept exists.
|
Corrective Action | Upgrade to Alt-N MDaemon 6.5.0 or later.
Check the host for signs of compromise.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/7445 http://www.securityfocus.com/bid/6053
|
Rule References | bugtraq: 6053
bugtraq: 7445
cve: 2002-1539
|