Ipswitch IMail IMAP SUBSCRIBE Command Overflow

2007-03-09T00:00:00
ID OSVDB:36222
Type osvdb
Reporter Sebastian Apelt (webmaster@buzzworld.org)
Modified 2007-03-09T00:00:00

Description

Vulnerability Description

The IMail Server and Ipswitch Collaboration Suite contain a flaw in the 'SUBSCRIBE' command of the IMAP daemon listening on port 143 that allows attackers to execute arbitrary code. Once authenticated, an attacker can pass a long string to the command, causing an exploitable stack-based overflow.

Solution Description

The vendor released an upgrade to fix the vulnerabilities: IMail Server 2006.21 and Collaboration Suite 2006.21.

References:

Vendor Specific News/Changelog Entry: http://www.ipswitch.com/support/ics/updates/ics200621.asp
Vendor Specific News/Changelog Entry: http://www.ipswitch.com/support/imail/releases/im200621.asp
Secunia Advisory ID: 26123
Related OSVDB ID: 36220
Related OSVDB ID: 36221
Related OSVDB ID: 36219
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-043.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0278.html