E-Post Multiple Product IMAP DELETE Command Mailbox Name Overflow DoS

2006-01-25T04:48:14
ID OSVDB:22763
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2006-01-25T04:48:14

Description

Vulnerability Description

E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP service receives a DELETE command with a long mailbox name, and will result in loss of availability for the service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.

Short Description

E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP service receives a DELETE command with a long mailbox name, and will result in loss of availability for the service.

References:

Vendor URL: http://www.e-postinc.jp/ Secunia Advisory ID:18480 Related OSVDB ID: 22762 Related OSVDB ID: 22764 Related OSVDB ID: 22761 Related OSVDB ID: 22765 Related OSVDB ID: 22766 Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/ ISS X-Force ID: 24334 CVE-2006-0447 Bugtraq ID: 16379