OSVDB ID: 36222

Title: Ipswitch IMail IMAP SUBSCRIBE Command Overflow

Dates

Disclosure: Mar 09, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

The IMail Server and Ipswitch Collaboration Suite contain a flaw in the 'SUBSCRIBE' command of the IMAP daemon listening on port 143 that allows attackers to execute arbitrary code. Once authenticated, an attacker can pass a long string to the command, causing an exploitable stack-based overflow.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

The vendor released an upgrade to fix the vulnerabilities: IMail Server 2006.21 and Collaboration Suite 2006.21

Products

Ipswitch, Inc.

IMail

Collaboration Suite

References

Credit

  • Sebastian Apelt - webmasterbuzzworld.org


Direct URL: http://osvdb.org/36222