OSVDB ID: 22763

Title: E-Post Multiple Products IMAP DELETE Command Mailbox Name Overflow DoS

Info

Disclosure

Jan 25, 2006

Discovery

Jan 13, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP service receives a DELETE command with a long mailbox name, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.

Products

E-POST Inc.	E-Post Mail Server Enterprise	4.10
	E-Post Mail Server	4.10
	E-Post SMTP Server Enterprise	4.10
	E-Post SMTP Server	4.10
	SPA-PRO Mail @Solomon Enterprise	4.00
	SPA-PRO Mail @Soloman	4.00
	SPA-PRO SMTP @Soloman	4.00

References

Bugtraq ID: 16379
Secunia Advisory ID: 18480
CVE ID: 2006-0447 (see also: NVD)
Related OSVDB ID: 22761 22762 22764 22765 22766
ISS X-Force ID: 24334
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
Vendor URL: http://www.e-postinc.jp/

Credit

Tan Chew Keong - vulnsecunia.com - Secunia Research

Direct URL: http://osvdb.org/22763

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

E-POST Inc.

E-Post Mail Server Enterprise

E-Post Mail Server

E-Post SMTP Server Enterprise

E-Post SMTP Server

SPA-PRO Mail @Solomon Enterprise

SPA-PRO Mail @Soloman

SPA-PRO SMTP @Soloman

References

Credit