'; echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "www.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "www.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "www.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "www.hp-telecom.com") { echo ''; echo 'hp-telecom'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

POP3 Attack (Attack ID:400016)

Release Date:2009-09-27

Attack Name:UIDL negative argument attempt

OS Type:Window

Application Type

Severity:Warning

BUG ID

CVE ID

 

Description

This event is generated when a remote user uses a negative argument in the UIDL command sent to port 110 on an internal server. This may indicate an attempt to exploit a boundary checking vulnerability in the POP UIDL command in the Alt-N MDaemon mail server.

This event may indicate an attempt to exploit a boundary checking vulnerability in the UIDL command on the Alt-N MDaemon POP server. If an authenticated user sends the UIDL command with a negative argument to the POP server, the MDaemon service will crash when it attempts to process the command. Note that this exploit can only be attempted by an authenticated user with a valid IMAP account on the server.

Impact:
The service will crash when it attempts to process the command. The attacker must have a valid POP account on the mail server to attempt this exploit.

Affected Systems:
-Alt-N MDaemon 6.0.0
-Alt-N MDaemon 6.0.5
-Alt-N MDaemon 6.0.6
-Alt-N MDaemon 6.0.7

Additional References:
http://www.securityfocus.com/bid/7445
http://cgi.nessus.org/plugins/dump.php3?id=11570

 

Solution

Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.