imap.rules

This is the snapshot of Snot Latest Rules

alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv3 invalid data version attempt"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|16 03|"; depth:2; content:"|01|"; depth:1; offset:5; content:!"|03|"; depth:1; offset:9; metadata:policy balanced-ips drop, policy security-ips drop, service imap; reference:bugtraq,10115; reference:cve,2004-0120; reference:nessus,12204; reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; classtype:attempted-dos; sid:2497; rev:13;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP PCT Client_Hello overflow attempt"; flow:to_server,established; flowbits:isnotset,sslv2.server_hello.request; flowbits:isnotset,sslv3.server_hello.request; flowbits:isnotset,tlsv1.server_hello.request; content:"|01|"; depth:1; offset:2; byte_test:2,>,0,5; byte_test:2,!,0,7; byte_test:2,!,16,7; byte_test:2,>,20,9; content:"|8F|"; depth:1; offset:11; byte_test:2,>,32768,0,relative; metadata:policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,10116; reference:cve,2003-0719; reference:nessus,12205; reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; classtype:attempted-admin; sid:2517; rev:18;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv3 Client_Hello request"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|16 03 00|"; depth:3; content:"|01|"; depth:1; offset:5; flowbits:set,sslv3.client_hello.request; flowbits:noalert; metadata:policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:2529; rev:10;)
alert tcp $HOME_NET 993 -> $EXTERNAL_NET any (msg:"IMAP SSLv3 Server_Hello request"; flow:to_client,established; flowbits:isset,sslv3.client_hello.request; content:"|16 03 00|"; depth:3; content:"|02|"; depth:1; offset:5; flowbits:set,sslv3.server_hello.request; flowbits:noalert; metadata:policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:2530; rev:10;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv3 invalid Client_Hello attempt"; flow:to_server,established; flowbits:isset,sslv3.server_hello.request; content:"|16 03|"; depth:2; content:"|01|"; depth:1; offset:5; metadata:policy security-ips drop, service imap; reference:cve,2004-0120; reference:nessus,12204; reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; classtype:attempted-dos; sid:2531; rev:9;)


# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP append literal overflow attempt"; flow:established,to_server; content:"APPEND"; nocase; pcre:"/\sAPPEND\s[^\n]*?\s\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3065; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP append overflow attempt"; flow:established,to_server; content:"APPEND"; nocase; isdataat:256,relative; pcre:"/\sAPPEND\s[^\n]{256}/smi"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:bugtraq,21729; reference:cve,2004-1211; reference:cve,2006-6425; reference:nessus,15867; classtype:misc-attack; sid:3066; rev:10;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP examine literal overflow attempt"; flow:established,to_server; content:"EXAMINE"; nocase; pcre:"/\sEXAMINE\s[^\n]*?\s\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3067; rev:7;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP examine overflow attempt"; flow:established,to_server; content:"EXAMINE"; nocase; isdataat:100,relative; pcre:"/\sEXAMINE\s[^\n]{100}/smi"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3068; rev:7;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP fetch literal overflow attempt"; flow:established,to_server; content:"FETCH"; nocase; pcre:"/\sFETCH\s[^\n]*?\s\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3069; rev:7;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP fetch overflow attempt"; flow:established,to_server; content:"FETCH"; nocase; isdataat:256,relative; pcre:"/\sFETCH\s[^\n]{256}/smi"; metadata:service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3070; rev:6;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP status literal overflow attempt"; flow:established,to_server; content:"STATUS"; nocase; pcre:"/\sSTATUS[^\n]*?\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:bugtraq,15491; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3071; rev:8;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP status overflow attempt"; flow:established,to_server; content:"STATUS"; nocase; isdataat:100,relative; pcre:"/\sSTATUS[^\n]{100}/smi"; metadata:service imap; reference:bugtraq,11775; reference:bugtraq,13727; reference:bugtraq,14243; reference:bugtraq,15491; reference:cve,2004-1211; reference:cve,2005-1256; reference:cve,2005-2278; reference:nessus,15867; classtype:misc-attack; sid:3072; rev:8;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP subscribe literal overflow attempt"; flow:established,to_server; content:"SUBSCRIBE"; nocase; pcre:"/\sSUBSCRIBE\s[^\n]*?\s\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3073; rev:7;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP subscribe overflow attempt"; flow:established,to_server; content:"SUBSCRIBE"; nocase; isdataat:100,relative; pcre:"/\sSUBSCRIBE\s[^\n]{100}/smi"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:bugtraq,23050; reference:bugtraq,26219; reference:cve,2004-1211; reference:cve,2007-3510; reference:nessus,15867; classtype:misc-attack; sid:3074; rev:9;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP unsubscribe literal overflow attempt"; flow:established,to_server; content:"UNSUBSCRIBE"; nocase; pcre:"/\sUNSUBSCRIBE\s[^\n]*?\s\{/smi"; byte_test:5,>,256,0,string,dec,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,11775; reference:cve,2004-1211; reference:nessus,15867; classtype:misc-attack; sid:3075; rev:7;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP UNSUBSCRIBE overflow attempt"; flow:established,to_server; content:"UNSUBSCRIBE"; nocase; isdataat:100; pcre:"/^\w+\s+UNSUBSCRIBE\s[^\n]{100}/smi"; metadata:service imap; reference:bugtraq,11775; reference:bugtraq,15488; reference:cve,2004-1211; reference:cve,2005-3189; reference:nessus,15867; classtype:attempted-admin; sid:3076; rev:8;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP TLSv1 Client_Hello request"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|16 03 01|"; depth:3; content:"|01|"; depth:1; offset:5; flowbits:set,tlsv1.client_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3489; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv2 Client_Hello request"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; byte_test:1,>,127,0; content:"|01|"; depth:1; offset:2; content:"|00 02|"; depth:2; offset:5; flowbits:set,sslv2.client_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3487; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv2 Client_Hello with pad request"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; byte_test:1,<,128,0; content:"|01|"; depth:1; offset:3; content:"|00 02|"; depth:2; offset:6; flowbits:set,sslv2.client_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3488; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP TLSv1 Client_Hello via SSLv2 handshake request"; flow:to_server,established; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; byte_test:1,>,127,0; content:"|01|"; depth:1; offset:2; content:"|03 01|"; depth:2; offset:3; flowbits:set,tlsv1.client_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3490; rev:5;)
alert tcp $HOME_NET 993 -> $EXTERNAL_NET any (msg:"IMAP TLSv1 Server_Hello request"; flow:to_client,established; flowbits:isset,tlsv1.client_hello.request; content:"|16 03 01|"; depth:3; content:"|02|"; depth:1; offset:5; flowbits:set,tlsv1.server_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3492; rev:6;)
alert tcp $HOME_NET 993 -> $EXTERNAL_NET any (msg:"IMAP SSLv2 Server_Hello request"; flow:from_server,established; flowbits:isset,sslv2.client_hello.request; content:"|04|"; depth:1; offset:2; content:"|00 02|"; depth:2; offset:5; flowbits:set,sslv2.server_hello.request; flowbits:noalert; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; classtype:protocol-command-decode; sid:3491; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP search literal format string attempt"; flow:established,to_server; content:"SEARCH"; nocase; pcre:"/\sSEARCH\s\w+\s\{\d+\}[\r]?\n[^\n]*?%/smi"; metadata:service imap; reference:bugtraq,10976; classtype:attempted-admin; sid:4646; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP search format string attempt"; flow:established,to_server; content:"SEARCH"; nocase; pcre:"/\sSEARCH\s[^\n]*?%/smi"; metadata:service imap; reference:bugtraq,10976; classtype:attempted-admin; sid:4645; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP delete directory traversal attempt"; flow:established,to_server; content:"DELETE"; nocase; pcre:"/\sDELETE\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5696; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP subscribe directory traversal attempt"; flow:established,to_server; content:"SUBSCRIBE"; nocase; pcre:"/\sSUBSCRIBE\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5702; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP list directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; pcre:"/\sLIST\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5698; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP examine directory traversal attempt"; flow:established,to_server; content:"EXAMINE"; nocase; pcre:"/\sEXAMINE\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5697; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP rename directory traversal attempt"; flow:established,to_server; content:"RENAME"; nocase; pcre:"/\sRENAME\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5700; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP lsub directory traversal attempt"; flow:established,to_server; content:"LSUB"; nocase; pcre:"/\sLSUB\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5699; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP CAPABILITY overflow attempt"; flow:established,to_server; content:"CAPABILITY"; nocase; isdataat:100,relative; pcre:"/\sCAPABILITY\s[^\n]{100}/smi"; metadata:service imap; reference:bugtraq,15006; classtype:misc-attack; sid:5705; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP status directory traversal attempt"; flow:established,to_server; content:"STATUS"; nocase; pcre:"/\sSTATUS\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5701; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP SELECT overflow attempt"; flow:established,to_server; content:"SELECT"; nocase; isdataat:100,relative; pcre:"/\sSELECT\s[^\n]{100}/smi"; metadata:service imap; reference:bugtraq,15006; reference:cve,2006-1255; classtype:misc-attack; sid:5704; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP unsubscribe directory traversal attempt"; flow:established,to_server; content:"UNSUBSCRIBE"; nocase; pcre:"/\sUNSUBSCRIBE\s*\S*\x2e\x2e\x2f/smi"; metadata:service imap; reference:bugtraq,15488; reference:cve,2005-3189; classtype:misc-attack; sid:5703; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv2 openssl get shared ciphers overflow attempt"; flow:to_server,established; flowbits:isnotset,sslv3.server_hello.request; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|01 03|"; depth:2; offset:2; byte_test:2, >, 256, 1, relative; metadata:service imap; reference:bugtraq,20249; reference:cve,2006-3738; reference:cve,2007-5135; reference:url,www.openssl.org/news/secadv_20060928.txt; classtype:attempted-admin; sid:8440; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv3 openssl get shared ciphers overflow attempt"; flow:to_server,established; flowbits:isnotset,sslv3.server_hello.request; flowbits:isnotset,sslv2.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|16 03 00|"; depth:3; content:"|01|"; within:1; distance:2; content:"|03 00|"; within:2; distance:3; content:"|00|"; within:1; distance:32; byte_test:2, >, 256, 0, relative; metadata:policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,20249; reference:cve,2006-3738; reference:cve,2007-5135; reference:url,www.openssl.org/news/secadv_20060928.txt; classtype:attempted-admin; sid:8439; rev:8;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 993 (msg:"IMAP SSLv2 openssl get shared ciphers overflow attempt"; flow:to_server,established; flowbits:isnotset,sslv2.server_hello.request; flowbits:isnotset,sslv3.client_hello.request; flowbits:isnotset,tlsv1.client_hello.request; content:"|01 00 02|"; depth:3; offset:2; byte_test:2, >, 256, 0, relative; metadata:policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,20249; reference:cve,2006-3738; reference:cve,2007-5135; reference:url,www.openssl.org/news/secadv_20060928.txt; classtype:attempted-admin; sid:8438; rev:7;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Novell NetMail APPEND command buffer overflow attempt"; flow:established,to_server; content:"AP"; nocase; isdataat:256,relative; pcre:"/\sAP[A-Za-z]{4}\s[^\n]{256}/smi"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service imap; reference:bugtraq,21723; reference:cve,2006-6425; classtype:misc-attack; sid:10011; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP CRAM-MD5 authentication method buffer overflow"; flow:established,to_server; content:"AUTHENTICATE CRAM-MD5"; nocase; pcre:"/AUTHENTICATE CRAM-MD5\r?\n[^\n]{364}/smi"; metadata:service imap; reference:bugtraq,11675; reference:bugtraq,23172; reference:cve,2004-1520; reference:cve,2007-1675; classtype:attempted-admin; sid:11004; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Ipswitch IMail search command buffer overflow attempt"; flow:to_server,established; content:"charset"; nocase; pcre:"/^\S+\s+(uid\s+|)search\s+charset\s*\{\s*/smi"; byte_test:5,>,250,0,string,dec,relative; reference:bugtraq,24962; reference:cve,2007-3925; reference:url,docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=563; classtype:attempted-admin; sid:12115; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP GNU Mailutils request tag format string vulnerability"; flow:to_server,established; content:"%"; content:"n"; distance:0; pcre:"/^\S*\x25(\d+\x24)?\d*h?n\s/sm"; reference:bugtraq,13764; reference:cve,2005-1523; classtype:attempted-admin; sid:12392; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Ipswitch IMail literal search date command buffer overflow attempt"; flow:to_server,established; content:"search"; nocase; pcre:"/^\S+\s+(uid\s+|)search\s[^\n]*(sent|)(on|before|since)\s*\{\s*/smi"; byte_test:5,>,64,0,string,dec,relative; reference:bugtraq,24962; reference:cve,2007-3925; reference:url,docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=563; classtype:attempted-admin; sid:12212; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Ipswitch IMail search date command buffer overflow attempt"; flow:to_server,established; content:"search"; nocase; pcre:"/^\S+\s+(uid\s+|)search\s[^\n]*(sent|)(on|before|since)\s+[^\s]{64}/smi"; reference:bugtraq,24962; reference:cve,2007-3925; reference:url,docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=563; classtype:attempted-admin; sid:12213; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Ipswitch IMail search command buffer overflow attempt"; flow:to_server,established; content:"charset"; nocase; pcre:"/^\S+\s+(uid\s+|)search\s+charset\s+[^\s]{250}/smi"; reference:bugtraq,24962; reference:cve,2007-3925; reference:url,docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=563; classtype:attempted-admin; sid:12114; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt"; flow:to_server,established; content:"FETCH"; nocase; content:"BODY"; content:"["; isdataat:256,relative; content:!"]"; within:256; metadata:policy balanced-ips drop, policy security-ips drop, service imap; reference:bugtraq,28245; reference:cve,2008-1358; reference:url,files.altn.com/MDaemon/Release/RelNotes_en.txt; classtype:attempted-admin; sid:13663; rev:2;)