Summaryinfo

A vulnerability, which was classified as critical, has been found in Alt-N MDaemon up to 13.0.3. The impacted element is the function Strip X-Headers of the component Header Parser. Performing a manipulation as part of Mail results in denial of service. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Alt-N MDaemon up to 13.0.3 (Mail Server Software). This affects the function Strip X-Headers of the component Header Parser. The manipulation as part of a Mail leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability.

The weakness was disclosed 01/15/2013 as not defined release notes (Website). The advisory is shared at files.altn.com. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.

Upgrading to version 13.0.4 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 58170†), OSVDB (91471†) and Secunia (SA52244†). The entries VDB-7778, VDB-7783, VDB-7784 and VDB-7785 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Mail Server Software

Vendor

• Alt-N

Name

• MDaemon

Version

• 13.0.0
• 13.0.1
• 13.0.2
• 13.0.3

License

• free

Website

• Vendor: https://www.altn.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion