Ipswitch IMail Web Service Long URL Overflow

1999-03-01T00:00:00
ID OSVDB:10843
Type osvdb
Reporter eEye Digital Security(info@eeye.com)
Modified 1999-03-01T00:00:00

Description

Vulnerability Description

A remote overflow exists in IMail Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request containing 3,000 bytes or more, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Ipswitch has released a patch to address this vulnerability.

Short Description

A remote overflow exists in IMail Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request containing 3,000 bytes or more, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.ipswitch.com/index.asp Other Advisory URL: http://www.eeye.com/html/Research/Advisories/AD19990301.html ISS X-Force ID: 1898 CVE-1999-1551 Bugtraq ID: 505