OSVDB ID: 16806

Title: Ipswitch IMail IMAP STATUS Command Mailbox Name Overflow

Info

Dates

Disclosure: May 24, 2005
Discovery: Apr 25, 2005
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in IMail Server. The IMAP service (IMAPD32.EXE) fails to perform proper bounds checking, resulting in a buffer overflow. By passing an overly long mailbox name to the 'STATUS' command, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Commercial
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.2 Hotfix 2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ipswitch, Inc. IMail Server 8.13

References

Credit

  • iDefense - iDefense


Direct URL: http://osvdb.org/16806