IA eMailServer IMAP SEARCH Command Remote Overflow

2006-02-20T06:50:07
ID OSVDB:23377
Type osvdb
Reporter João Antunes(jantunesdi@fc.ul.pt)
Modified 2006-02-20T06:50:07

Description

Vulnerability Description

A remote overflow exists in the Internet Anywhere (IA) eMailserver Corporate Edition IMAP server. The IA IMAP server fails to properly sanitize input to the IMAP SEARCH command resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS condition resulting in the loss of availability or the execution of arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in the Internet Anywhere (IA) eMailserver Corporate Edition IMAP server. The IA IMAP server fails to properly sanitize input to the IMAP SEARCH command resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS condition resulting in the loss of availability or the execution of arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.tnsoft.com/ Security Tracker: 1015664 Secunia Advisory ID:18986 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0352.html ISS X-Force ID: 24812 FrSIRT Advisory: ADV-2006-0686 CVE-2006-0853 Bugtraq ID: 16744