Check Point Advisories

Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow

Vulnerability
Protection

Check Point Reference:	CPAI-2011-324
Date Published:	5 Jul 2011
Severity:	High
Last Updated:	Wednesday 13 July, 2016
Source:
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is an implementation of the server side of the IMAP protocol. A Buffer overflow vulnerability has been reported in Ipswitch IMail Server List Mailer component. This is a Buffer overflow vulnerability. The vulnerability is due to a boundary check error in the IMailSrv.exe while handling "Reply-To" SMTP header in the incoming messages. Attackers can trigger this vulnerability by sending a crafted DATA command to the server which contains multiple and long enough "Reply-To" headers. The vulnerability is triggered when the vulnerable program parses the malicious message. Successful exploitation of this vulnerability can lead to arbitrary code execution under the context of the System user.

Protection Overview

This protection will detect and block such maliciously crafted SMTP messages.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: SMTP Protection Violation.
Attack Information: Ipswitch IMail Server list mailer Reply-To address buffer overflow