Info

Disclosure

May 24, 2005

Discovery

Apr 15, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in IMail Server. The IMAP service (IMAP4D32.EXE) fails to perform proper bounds checking resulting in a buffer overflow. By passing an overly long string to the 'SELECT' command, a remote attacker can cause the IMAP service to crash resulting in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.2 Hotfix 2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ipswitch, Inc.

IMail Server

8.13

IMail Server

8.12

References

Security Tracker: 1014047
Secunia Advisory ID: 15483
Related OSVDB ID: 16803 16804 16805 16806
CVE ID: 2005-1254 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0276.html
Other Advisory URL: http://www.idefense.com/application/poi/display?id=241&type=vulnerabilities
Vendor Specific Advisory URL: http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html

Credit

Sebastian Apelt - webmasterbuzzworld.org -

Direct URL: http://osvdb.org/36218