C&C Software - Canadian Distributor Wednesday, April 30, 2025


C&C Home | Product Portfolio | Resellers

Overview | Features | Pricing | Purchase | Download | Support | Anti-Virus| Contact Us | Blog Articles





MDaemon Email Server for Windows
Current version of MDaemon Messaging Server is v24.x| Release Notes |QuickStart Guide

MDaemon Security Bulletin – MD102412 - Critical

Fix to Potential Account Access Vulnerability

Published October 24, 2012

Summary

Today, the internal testing team at Alt-N discovered a vulnerability that could possibly allow remote access to MDaemon administrative settings and email. Within hours of the discovery, the Alt-N development team identified, built and tested a patch to correct the potential vulnerability.

This security update is rated Critical for affected versions of MDaemon Messaging Server. For specific information, see the Affected Software Section below.

Recommendation: For administrators of MDaemon installations, Alt-N Technologies recommends that customers apply the update immediately by downloading the appropriate version and language file listed below based upon the version currently installed. We have provided 3 different ftp site options. If you find one is too slow just try one of the others.

Known Issues: There are no known issues that customers may experience when installing this security update.

Frequently Asked Questions (FAQ) Related to This Update


Affected Software

The following versions of MDaemon have been tested and determined to be affected. Other versions are not affected. Please download the file version AND language based upon your current installation.

 

Current MDaemon Version: MDaemon 11.0.X
MDaemon Fix Version Language Installer - From ALT-N Site Installer - From C&C Site #1 Installer - From C&C Site #2
MDaemon 11.0.4 English md1104_en.exe md1104_en.exe md1104_en.exe
MDaemon 11.0.4 French md1104_fr.exe md1104_fr.exe md1104_fr.exe
Current MDaemon Version: MDaemon 12.0.X Blackberry Edition *
MDaemon Fix Version Language Installer - From ALT-N Site Installer - From C&C Site #1 Installer - From C&C Site #2
MDaemon 12.0.5 BBE English md1205be_en.exe md1205be_en.exe md1205be_en.exe
MDaemon 12.0.5 BBE French md1205be_fr.exe md1205be_fr.exe md1205be_fr.exe
Current MDaemon Version: MDaemon 12.0.X
MDaemon Fix Version Language Installer - From ALT-N Site Installer - From C&C Site #1 Installer - From C&C Site #2
MDaemon 12.0.5 English md1205_en.exe md1205_en.exe md1205_en.exe
MDaemon 12.0.5 French md1205_fr.exe md1205_fr.exe md1205_fr.exe
Current MDaemon Version: MDaemon 12.5.X
MDaemon Fix Version Language Installer - From ALT-N Site Installer - From C&C Site #1 Installer - From C&C Site #2
MDaemon 12.5.8 English md1258_en.exe md1258_en.exe md1258_en.exe
MDaemon 12.5.8 French md1258_fr.exe md1258_fr.exe md1258_fr.exe
Current MDaemon Version: MDaemon 13.0.X
MDaemon Fix Version Language Installer
MDaemon 13.0.2 English md1302_en.exe md1302_en.exe md1302_en.exe
MDaemon 13.0.2 French md1302_fr.exe md1302_fr.exe md1302_fr.exe

Frequently Asked Questions (FAQ) Related to This Update

Why were these patches released today?
Alt-N released this patch the same day the vulnerability was discovered.

What is the security impact?
Unscrupulous individuals could potentially gain access to your MDaemon administrator settings and email.

What operating systems are affected?
All Operating systems are affected by this issue.

What versions of MDaemon are affected?
MDaemon versions 11, 12, and 13 are affected.

Are any other Alt-N products affected?
No, MDaemon is the only product that is affected by this issue.

What do I need to do in order to resolve this issue?
Simply download the appropriate patch listed in the Affected Software Section of this update. There is no requirement to renew Upgrade Protection to obtain the fix.

* I have installed MDaemon BlackBerry Edition, do I need to install the BES for MDaemon feature?
If you are currently running MDaemon BlackBerry Edition version 12.0.x you will need to download the MDaemon BlackBerry Edition version 12.0.5 installer. If you are running MDaemon 12.5.x or 13.0.x with the BES components installed, you can install the appropriate version of MDaemon listed and you will NOT need to reinstall the BES components.

I'm using an older version of MDaemon than discussed here, what should I do?
MDaemon versions prior to MDaemon 11.0.0 are not affected by this issue. However, if you are running an expired license version prior to MDaemon 11, you can renew your license at the promotional discounted rate currently offered. To check the renewal price for the latest version, click here.

Additional questions can be answered by using emailing support@ccsoftware.ca.


Download | Support | Contact Us | Terms And Conditions | Privacy Policy| Blog