|
|
Family: Gain root remotely --> Category: infos
Ipswitch IMail Server SMTP Service Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version of Ipswitch IMail
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SMTP server is affected by a buffer overflow vulnerability.
Description :
The remote host is running Ipswitch Collaboration Suite / IMail Secure
Server / IMail Server, commercial messaging and collaboration suites
for Windows.
According to its banner, the version of Ipswitch Collaboration Suite /
IMail Secure Server / IMail Server installed on the remote host has a
stack buffer overflow in its SMTP server component that can be
triggered by long strings within the characters '@' and ':'. An
unauthenticated attacker may be able to leverage this flaw to crash
the SMTP service or even to execute arbitrary code remotely.
See also :
http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049302.html
http://www.ipswitch.com/support/ics/updates/ics20061.asp
http://www.ipswitch.com/support/imail/releases/im20061.asp
Solution :
Upgrade to version 2006.1 of the appropriate application.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
