CVE-2000-1021

Mdaemon 3.1.1 - Heap Overflow via Long URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1021. PoCs published by Ussr Labs.

AI-analyzed exploit summary This Perl script demonstrates a denial-of-service (DoS) exploit for multiple vulnerable servers by sending oversized input strings to trigger buffer overflows. It targets specific versions of FTP, SMTP, POP3, and HTTP servers, causing them to crash.

Description

Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ussr Labs · perldoswindows
https://www.exploit-db.com/exploits/20225

This Perl script demonstrates a denial-of-service (DoS) exploit for multiple vulnerable servers by sending oversized input strings to trigger buffer overflows. It targets specific versions of FTP, SMTP, POP3, and HTTP servers, causing them to crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Multiple servers including MDaemon 2.8.5.0, G6 FTP Server 2.0b4/5, Avirt Mail Server 3.5, and others
No auth needed
Prerequisites: Network access to the target server · Perl environment with IO::Socket and Getopt::Std modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1689
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5250
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96925269716274&w=2

Scores

EPSS 0.0380
EPSS Percentile 88.6%

Details

Status published
Products (1)
alt-n/mdaemon 3.1.1
Published Dec 11, 2000
Tracked Since Feb 18, 2026