Ipswitch IMail IMAP STATUS Command Mailbox Name Overflow

2005-05-24T15:09:11
ID OSVDB:16806
Type osvdb
Reporter iDEFENSE(idlabs-advisories@idefense.com)
Modified 2005-05-24T15:09:11

Description

Vulnerability Description

A remote overflow exists in IMail Server. The IMAP service (IMAPD32.EXE) fails to perform proper bounds checking resulting in a buffer overflow. By passing an overly long mailbox name to the 'STATUS' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

Valid login credentials are required to use the STATUS command.

Solution Description

Upgrade to version 8.2 Hotfix 2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in IMail Server. The IMAP service (IMAPD32.EXE) fails to perform proper bounds checking resulting in a buffer overflow. By passing an overly long mailbox name to the 'STATUS' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.ipswitch.com/products/IMail_Server/index.html Vendor Specific Advisory URL Security Tracker: 1014047 Secunia Advisory ID:15483 Related OSVDB ID: 16805 Related OSVDB ID: 16807 Related OSVDB ID: 16803 Related OSVDB ID: 16804 Other Advisory URL: http://www.idefense.com/application/poi/display?id=244&type=vulnerabilities Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0272.html CVE-2005-1256