|
Family: Denial of Service --> Category: denial
IA eMailServer Remote Format String Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for remote format string vulnerability in IA eMailServer
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote mail server is affected by a format string vulnerability.
Description :
The remote host is running True North Software's IA eMailServer, a
messaging system for Windows.
The remote version of IA eMailServer suffers from a format string
vulnerability leading to a denial of service that can be exploited by
an authenticated user when sending a specially-crafted IMAP LIST
command.
Note that, given the nature of format string vulnerabilities, this
issue may also result in remote code execution within the context of
the affected application, although this is just conjecture at this
point.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034727.html
Solution :
Upgrade to IA eMailServer 5.3.4 Build 2019 or greater.
Threat Level:
Low / CVSS Base Score : 1
(AV:R/AC:L/Au:R/C:N/A:P/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|