Check Point Reference: | CPAI-2007-089 |
Date Published: | 31 Jul 2007 |
Severity: | High |
Last Updated: | Monday 01 January, 2007 |
Source: | Secunia Advisory: SA26123 |
Industry Reference: | CVE-2007-2795 |
Protection Provided by: | |
Who is Vulnerable? | Ipswitch IMail 2006 prior to 2006.21; Ipswitch IMail Plus 2006 prior to 2006.21; Ipswitch IMail Premium 2006 prior to 2006.21 |
Vulnerability Description | A buffer overflow vulnerability exists in the IMAP component of Ipswitch IMail Server. Ipswitch IMail Server is a messaging service suite that supports numerous mail exchange protocols, including the Internet Message Access Protocol (IMAP). IMAP is a standard protocol for accessing e-mail from a local server that provides management of received messages on a remote server. Several mail servers contain buffer overflow errors in the way they handle commands. A remote attacker can exploit this issue to trigger a buffer overflow, which may lead to an application crash or to arbitrary code execution. |
Vulnerability Details | The vulnerability is due to a boundary error when processing overly long IMAP SUBSCRIBE commands. A remote attacker can exploit this flaw via a specially crafted SUBSCRIBE command. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system. |
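
A defensive check for the condition described above, as an added example that is not part of the original advisory or any Check Point protection: it measures the mailbox argument of each IMAP SUBSCRIBE command line and flags those over a limit. The 255-byte limit, the function names and the sample lines are assumptions constructed for illustration; the advisory does not state a length.

```python
import re

# Assumed limit: the advisory gives no length, so this is a tunable value
# chosen well above ordinary mailbox names.
MAX_MAILBOX_LEN = 255

# IMAP literal marker, e.g. {1234} or {1234+}: declares the octet count
# of an argument that follows on the next line.
_LITERAL = re.compile(rb"\{(\d+)\+?\}")

def subscribe_arg_length(line: bytes):
    """Return the mailbox-argument length of a SUBSCRIBE command line,
    or None if the line is not a SUBSCRIBE command."""
    parts = line.rstrip(b"\r\n").split(b" ", 2)  # tag, command, argument
    if len(parts) < 3 or parts[1].upper() != b"SUBSCRIBE":
        return None
    arg = parts[2]
    m = _LITERAL.fullmatch(arg)
    if m:
        return int(m.group(1))          # literal form: use the declared size
    if arg.startswith(b'"'):
        n, i = 0, 1                     # quoted form: count up to closing quote
        while i < len(arg) and arg[i:i + 1] != b'"':
            if arg[i:i + 1] == b"\\":   # backslash escapes the next byte
                i += 1
            n += 1
            i += 1
        return n                        # an unterminated quote counts to end of line
    return len(arg)                     # atom form

def scan(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, argument_length) for each oversized SUBSCRIBE."""
    alerts = []
    for no, line in enumerate(lines, 1):
        n = subscribe_arg_length(line)
        if n is not None and n > limit:
            alerts.append((no, n))
    return alerts

# Constructed sample of client-to-server IMAP lines (not captured traffic).
SAMPLE = [
    b"a001 LOGIN user pass\r\n",
    b'a002 SUBSCRIBE "INBOX/Archive"\r\n',
    b"a003 SUBSCRIBE " + b"A" * 4000 + b"\r\n",
    b'a004 subscribe "' + b"B" * 300 + b'"\r\n',
    b"a005 SUBSCRIBE {9000}\r\n",
    b'a006 LSUB "" *\r\n',
]

if __name__ == "__main__":
    for no, n in scan(SAMPLE):
        print(f"line {no}: SUBSCRIBE argument of {n} bytes exceeds {MAX_MAILBOX_LEN}")
```
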