The IMail Server and Ipswitch Collaboration Suite contain a flaw in the 'SUBSCRIBE' command of the IMAP daemon listening on port 143 that allows attackers to execute arbitrary code. Once authenticated, an attacker can pass a long string to the command, causing an exploitable stack-based overflow.
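Because the overflow is triggered by an over-long mailbox argument to SUBSCRIBE from an already authenticated session, a defender can flag such commands in IMAP server or proxy logs while waiting to deploy the upgrade. The following is an added detection example, not code from the advisory or from Ipswitch; the log lines, the 255-byte threshold and the log format are constructed assumptions. It handles the three IMAP argument forms (atom, quoted string and `{n}` literal), since a naive length check on the raw line would miss a literal that announces a large byte count up front.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Threshold is an assumption for illustration; it is not a value from the advisory
# or from the vendor. Tune it to the longest legitimate mailbox name in your environment.
MAX_MAILBOX_LEN = 255

# tag, command, optional argument string: e.g. "a002 SUBSCRIBE INBOX"
_CMD_RE = re.compile(r"^(?P<tag>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<args>.*))?$")
# IMAP literal prefix: {n} (synchronizing) or {n+} (non-synchronizing, RFC 2088)
_LITERAL_RE = re.compile(r"^\{(?P<n>\d+)\+?\}$")

# Constructed sample of IMAP command lines as a server or proxy might log them
# (hypothetical format, not IMail's own log format).
SAMPLE_LOG = "\n".join([
    "a001 LOGIN alice secret",
    "a002 SUBSCRIBE INBOX",
    'a003 SUBSCRIBE "Sent Items"',
    "a004 SUBSCRIBE " + "A" * 600,     # bare atom far longer than any real mailbox name
    "a005 LIST \"\" *",
    "a006 SUBSCRIBE {4096}",            # literal announcing a 4096-byte mailbox name
])


@dataclass
class Finding:
    tag: str
    command: str
    arg_length: int
    reason: str


def mailbox_arg_length(args: str) -> int:
    """Length of a SUBSCRIBE mailbox argument in its three IMAP forms:
    a literal ({n} or {n+}) counts as its announced byte count, a quoted
    string counts its contents, and a bare atom counts as written."""
    args = args.strip()
    m = _LITERAL_RE.match(args)
    if m:
        return int(m.group("n"))
    if len(args) >= 2 and args[0] == '"' and args[-1] == '"':
        return len(args) - 2
    return len(args)


def check_line(line: str, max_len: int = MAX_MAILBOX_LEN) -> Optional[Finding]:
    """Return a Finding if the line is a SUBSCRIBE whose mailbox argument exceeds max_len."""
    m = _CMD_RE.match(line.strip())
    if not m or m.group("cmd").upper() != "SUBSCRIBE":
        return None
    n = mailbox_arg_length(m.group("args") or "")
    if n > max_len:
        return Finding(m.group("tag"), "SUBSCRIBE", n,
                       f"mailbox argument of {n} bytes exceeds {max_len}")
    return None


def scan_log(text: str, max_len: int = MAX_MAILBOX_LEN) -> List[Finding]:
    """Scan a block of logged IMAP command lines and return all over-long SUBSCRIBEs."""
    return [f for f in (check_line(line, max_len) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding.tag}: {finding.reason}")
```

Since the flaw is only reachable post-authentication, a hit can be tied to the account that issued the command, which turns the alert into a credential-abuse investigation rather than an anonymous network event.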
Classification
Location:
Remote / Network Access
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Private,
Exploit Commercial
Disclosure:
Vendor Verified,
Coordinated Disclosure
Solution
The vendor released an upgrade to fix the vulnerabilities: IMail Server 2006.21 and Collaboration Suite 2006.21.