MDaemon Security Bulletin - MD061915 - Critical

Fix to Content Filter Vulnerability

Published June 19, 2015

Summary

Recently Alt-N discovered a vulnerability in the content filter of MDaemon and MDaemon Private Cloud that could potentially expose the server to malicious attack. The Alt-N development team has built and tested a patch to correct the potential vulnerability.

This security update is rated CRITICAL for affected versions and editions of MDaemon Messaging Server. For specific information, see the Affected Software Section below.

Recommendation: For MDaemon installations, Alt-N Technologies recommends that administrators apply the update immediately by downloading the appropriate version and language file listed below (please note specific instructions for versions 11 and 12).

Known Issues: There are no known issues that customers may experience when installing this security update.

Affected Software

The following versions of MDaemon have been tested and determined to be affected. Other versions are not affected. Please download the file version AND language based upon your current installation.

MDaemon 15.0.X (32 bit)

15.0.3 - Select Your Language

MDaemon 15.0.X (64 bit)

15.0.3 64 bit - Select Your Language

MDaemon 14.5.X (32 bit)

14.5.4 - Select Your Language

MDaemon 14.5.X (64 bit)

14.5.4 64 bit - Select Your Language

MDaemon 14.0.X

14.0.4 - Select Your Language

MDaemon 13.6.X

13.6.4 - Select Your Language

MDaemon 13.5.X

13.5.4 - Select Your Language

MDaemon 13.0.X

13.0.7 - Select Your Language

MDaemon 12.5.X

Instructions: Quit MDaemon 12.5.8, unzip this file into the \MDaemon\App\ folder, then restart MDaemon. The CFilter.dll file is replaced by this operation and it will show a version of 12.5.9 after this patch. If you are using MDaemon 12.5.0 to 12.5.7 you should update to 12.5.8 using the full installer BEFORE unzipping this small patch.

Full Installer

12.5.8 - Select Your Language

MDaemon 12.0.X

Instructions: Quit MDaemon 12.0.5, unzip this file into the \MDaemon\App\ folder, then restart MDaemon. The CFilter.dll file is replaced by this operation and it will show a version of 12.0.6 after this patch. If you are using MDaemon 12.0.0 to 12.0.4 you should update to 12.0.5 using the full installer BEFORE unzipping this small patch.

Full Installer

12.0.5 - Select Your Language

MDaemon 11.0.X

Instructions: Quit MDaemon 11.0.4, unzip this file into the \MDaemon\App\ folder, then restart MDaemon. The CFilter.dll file is replaced by this operation and it will show a version of 11.0.5 after this patch. If you are using MDaemon 11.0.0 to 11.0.3 you should update to 11.0.4 using the full installer BEFORE unzipping this small patch.

Full Installer

11.0.4 - Select Your Language

MDaemon Private Cloud

Contact our cloud representative directly at mdcloud@helpdesk.altn.com

Frequently Asked Questions (FAQ) Related to This Update

What is the security impact?
Not applying the patch could expose the mail server to malicious attack.

What operating systems are affected?
All operating systems are affected by this issue.

What versions of MDaemon are affected?
MDaemon versions 11, 12, 12.5, 13, 13.5, 13.6, 14, 14.5, 15 and MDaemon Private Cloud versions 1, 2 are affected.

Are any other Alt-N products affected?
No, MDaemon is the only product that is affected by this issue.

What do I need to do in order to resolve this issue?
Simply download the appropriate patch listed in the Affected Software Section of this update. There is no requirement to renew Upgrade Protection to obtain the fix.

Additional questions can be answered by using the web site Chat Feature in the top right header or by contacting Alt-N Technologies Support.