SAINT CorporationSAINT:4EED00EA784EFD28C8EB3B2BAFD4B76DIMail IMAP STATUS buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.835 High
EPSS
Percentile
98.4%
Added: 11/29/2005
CVE: CVE-2005-1256
BID: 13727
OSVDB: 16806
Background
IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service.
Problem
A buffer overflow when processing long mailbox names specified in the STATUS command allows an authenticated user to execute arbitrary code.
Resolution
Upgrade to IMail 8.15 with Hotfix 2 or higher, IMail 8.2 with Hotfix 2 or higher, or Ipswitch Collaboration Suite 2.0 with Hotfix 2 or higher.
References
[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities
>)
Limitations
Exploit works on IpSwitch IMail Server 8.14 on Windows 2000 SP4 and Windows Server 2003 SP2 with KB956572. A valid IMAP login and password are required.
Platforms
Windows 2000
Windows Server 2003
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.835 High
EPSS
Percentile
98.4%