[INLINE] [INLINE] [INLINE] eEyelogosmall Home Hire News Alerts Articles Books Tools Links Contact Press [INLINE] [INLINE] [INLINE] eEye - Digital Security Team Alert MDaemon Remote DoS Attack Systems Affected MDaemon v.2.7 mdsp(5) Release Date February 20, 1999 Advisory Code AD02201999 Description: There is a buffer overflow in MDaemon's SMTP server. The "helo" command will cause MDaemon to crash if aprox. 360 characters are appended to it. If MDaemon is running as a service the service will exit and no messages are displayed on the screen. If MDaemon is run as a background task (default) the typical overflow message is displayed. There is not much to expand on.... just a simple hole we found with Retina while testing. More to come later this week. Vendor Status We contacted the vender a week ago, STILL Waiting for a response... Copyright (c) 1999 eEye Digital Security Team Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Please send suggestions, updates, and comments to: eEye Digital Security Team info@eEye.com http://www.eEye.com [INLINE] [LINK] [INLINE] Copyright © 1998-1999 eEye.com - All Rights Reserved. eEye is an www.eCompany.com Venture.