SAINT Corporation, SAINT:4292ECB7D12BA6B852AC3969DE27DBEC
Jan 04, 2006 - 12:00 a.m.

IMail IMAP LOGIN special character vulnerability

download.saintcorporation.com

EPSS: 0.245
Percentile: 96.7%

Added: 01/04/2006
CVE: CVE-2005-1255
BID: 13727
OSVDB: 16804

Background

IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring.

Problem

A remote attacker could execute arbitrary commands by sending a long, specially crafted **LOGIN** command starting with a special character. The attacker does not need to know a valid account name and password to exploit this vulnerability.

Resolution

Install the IMail Server 8.02 Patch.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=243&type=vulnerabilities](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=243&type=vulnerabilities>)

Limitations

Exploit works against Ipswitch Collaboration Suite 2.0.

Platforms

Windows 2000
Windows XP
