Security hole in MDaemon closed in MDaemon 9.6.5
The developers of the MDaemon mail server for Windows have released an updated version which closes a critical security hole. Attackers with valid login credentials could gain complete control of systems running the server.
The vulnerability was caused by inadequate length checks when processing FETCH requests to the IMAP service. This allowed attackers to cause a buffer overflow and execute arbitrary code. The milw0rm exploit archive already contains sample malware demonstrating how malicious code can be injected and executed at system privilege level.
MDaemon 9.6.4 and possibly earlier versions are affected. The vendor has now released version 9.6.5 which resolves the vulnerability. Administrators of MDaemon servers are advised to download and install the updated version as soon as possible.
See also:
- Exploit in the milw0rm archive
- MDaemon 9.65 has been released, release note of the updated MDaemon version including a list of the resolved flaws
(mba)