IMail IMAP DELETE command buffer overflow

2006-06-01T00:00:00
ID SAINT:5A59AF1627D3B095EE8E2C13A6202E3B
Type saint
Reporter SAINT Corporation
Modified 2006-06-01T00:00:00

Description

Added: 06/01/2006
CVE: CVE-2004-1520
BID: 11675
OSVDB: 11838

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted **DELETE** command. The attacker would need to know a valid e-mail login and password on the server to exploit this vulnerability.

Resolution

Apply IMail Server 8.14 Hotfix 1.

References

<http://secunia.com/advisories/13200>

Limitations

The exploit works on IMail 8.13. A valid e-mail login and password are required to exploit the vulnerability.

Platforms

Windows 2000
Windows XP
Windows XP SP1