[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : MDaemon 3.5.1 Vulnerability

Title: MDaemon 3.5.1 Vulnerability
Released by: Mohamed Riyad
Date: 15th December 2000
Printable version: Click here 
Ok, This is my second post in the years and I have been reading all your

postings so far. You all are doing a great job indeed.



I would like to point out a security problem in MDaemon mail server (even in

ver 3.5.1 the latest).



My setup:

          Windows NT 4.0 server (SP 6.0a)

          MDaemon Pro ver 3.5.1 (The latest update I downloaded last night)



Note: On Windows NT machines, you must be able to login to use this exploit.

On Windows 98, anybody has access to the desktop could do it.



Problem: When the MD server is locked, any one can simply bypass the "locked

server" security and can do anything they want.



Description: If a mail server administrator wanted to deny access to MD

server , he right clicks on the system tray Icon and select "lock server"

and then MDaemon will ask for a password and again ask to confirm it.

Whenever you wanted to open MD window, you double click on the icon at

system tray, MD will ask for the password. If you enter the correct

password, you will be allowed inside.



The security could be bypassed here. Just double click on the system tray

icon of MDaemon to start. Now, MDaemon will prompt for the password. Without

entering any password the, just click on Cancel button. AND IMMEDIATELY

PRESS THE ENTER KEY and YOU WILL BE TAKEN INTO MDAEMON. You can do whatever

you wanted to do with MDaemon and then safe minimize it to close the window.



This is exploit can be used to add/delete/modify any email accounts and

mailing list. also new domains could be added. Any mails to any accounts

could be forwarded and a lot more.



I found this problem even in the very early versions of MDaemon. Two weeks

back I sent an email to ALT.COM asking for their email address to report the

security problem in MDaemon and they never replied. And I used their website

to send a message and I received NO reply at all.



So, I decided to post this message to BUGTRAQ and also CC to MDaemon Beta

list.





Thank you all



RIYAD

>From SRI LANKA





-------------------------------------------

"Intelligence is when you discover something no one else has,"






(C) 1999-2000 All rights reserved.