IA eMailServer IMAP4 LIST Command Remote DoS

2005-06-27T03:38:36
ID OSVDB:17609
Type osvdb
Reporter RedTeam Pentesting()
Modified 2005-06-27T03:38:36

Description

Vulnerability Description

IA eMailServer contains a flaw that may allow a remote denial of service. The issue is triggered when the characters '%x' are sent as the second argument to the IMAP4 LIST command, and will result in loss of availability for the service.

Solution Description

Upgrade to version 5.3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

IA eMailServer contains a flaw that may allow a remote denial of service. The issue is triggered when the characters '%x' are sent as the second argument to the IMAP4 LIST command, and will result in loss of availability for the service.

References:

Vendor URL: http://www.tnsoft.com/ Vendor Specific News/Changelog Entry: http://www.tnsoft.com/support/faq/msreleasenotes.htm Security Tracker: 1014301 Secunia Advisory ID:15838 Other Advisory URL: http://www.securiteam.com/windowsntfocus/5JP0O20G0I.html Nessus Plugin ID:18570 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0341.html ISS X-Force ID: 21169 CVE-2005-2083 Bugtraq ID: 14065