Family: Gain a shell remotely --> Category: mixed
Ipswitch IMail IMAP EXAMINE Argument Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary : Checks for IMAP EXAMINE argument buffer overflow vulnerability in Ipswitch IMail
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is vulnerable to a buffer overflow attack.
Description :
The remote host is running a version of the Ipswitch Collaboration
Suite / Ipswitch IMail IMAP server that is prone to a buffer overflow
when processing an EXAMINE command with a long argument.
Specifically, if an authenticated attacker sends an EXAMINE command
with a malformed mailbox name of 259 bytes or more, the command
overwrites the saved stack frame pointer, and the attacker can
potentially gain control of process execution.
See also :
http://www.idefense.com/application/poi/display?id=216&type=vulnerabilities
Solution :
Apply IMail Server 8.15 Hotfix 1 (February 3, 2005).
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:L/Au:R/C:C/A:C/I:C/B:N)