MDaemon Security Bulletin - MD070716 – Critical

Fix to File Attachment Vulnerability

Published July 07, 2016

Summary

Recently Alt-N discovered a potential vulnerability in MDaemon and MDaemon Private Cloud that could possibly expose the server to malicious attack. The Alt-N development team has built and tested a patch to correct the issue.

This security update is rated CRITICAL for affected versions and editions of MDaemon Messaging Server. In addition, this security update corrects all previously issued updates. For specific information, see the Affected Software Section below.

Recommendation: For MDaemon installations, Alt-N Technologies recommends that administrators apply the update immediately by downloading the appropriate version and language file listed below.

Known Issues: There are no known issues that customers may experience when installing this security update.

Affected Software

The following versions of MDaemon have been tested and determined to be affected. Other versions are not affected. Please download the file version AND language based upon your current installation.

MDaemon 16.0.X (32 bit)

16.0.4 - Select Your Language

MDaemon 16.0.X (64 bit)

16.0.4 64 bit - Select Your Language

MDaemon 15.5.X (32 bit)

15.5.4 - Select Your Language

MDaemon 15.5.X (64 bit)

15.5.4 64 bit - Select Your Language

MDaemon 15.0.X

15.0.4 - Select Your Language

MDaemon 15.0.X (64 bit)

15.0.4 64 bit - Select Your Language

MDaemon 14.5.X (32 bit)

14.5.5 - Select Your Language

MDaemon 14.5.X (64 bit)

14.5.5 64 bit - Select Your Language

MDaemon 14.0.X

14.0.5 - Select Your Language

MDaemon 13.6.X

13.6.5 - Select Your Language

MDaemon 13.5.X

13.5.5 - Select Your Language

MDaemon 13.0.X

13.0.8 - Select Your Language

MDaemon 12.5.X

12.5.9 - Select Your Language

MDaemon 12.0.X

12.0.6 - Select Your Language

MDaemon Private Cloud

Contact our cloud representative directly at mdcloud@helpdesk.altn.com

Frequently Asked Questions (FAQ) Related to This Update

What is the security impact?
Not applying the patch could expose the mail server to malicious attack.

What operating systems are affected?
All operating systems are affected by this issue.

What versions of MDaemon are affected?
MDaemon versions 12, 13, 14, 15, 16 and MDaemon Private Cloud version 3.

Are any other Alt-N products affected?
No, MDaemon is the only product that is affected by this issue.

What do I need to do in order to resolve this issue?
Simply download the appropriate patch listed in the Affected Software Section of this update. There is no requirement to renew Upgrade Protection to obtain the fix.

Additional questions can be answered by using the web site Chat Feature in the top right header or by contacting Alt-N Technologies Support.