Ipswitch IMail Server Long HELO Overflow

1998-03-10T00:00:00
ID OSVDB:6118
Type osvdb
Reporter OSVDB
Modified 1998-03-10T00:00:00

Description

Vulnerability Description

Ipswitch IMail Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO command containing 1024 or more characters to port 25, an attacker will crash the server.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Ipswitch IMail Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO command containing 1024 or more characters to port 25, an attacker will crash the server.

References:

Vendor URL: http://www.ipswitch.com/products/IMail_Server/index.html Related OSVDB ID: 5970 Related OSVDB ID: 6117 Related OSVDB ID: 6031 ISS X-Force ID: 886 Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/heloexpl.c CVE-1999-0284 Bugtraq ID: 8621