IMail LDAP buffer overflow

2006-07-06T00:00:00
ID SAINT:5DFB3D20207A9B8446F4BCDA49E0F88C
Type saint
Reporter SAINT Corporation
Modified 2006-07-06T00:00:00

Description

Added: 07/06/2006
CVE: CVE-2004-0297
BID: 9682
OSVDB: 3984

Background

IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol (LDAP).

Problem

A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the Global Exception Handler by sending long, specially crafted tags, leading to command execution.

Resolution

Upgrade to the latest version of IMail or apply IMail 8.05 Hotfix 2.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=74>

Limitations

The exploit works on IMail 8.0.

Platforms

Windows