IMail IMAP FETCH command buffer overflow

Added: 03/15/2006
CVE: CVE-2005-3526
BID: 17063
OSVDB: 23796

Background

IMail is a mail server for Windows including SMTP, IMAP, and LDAP services.

Problem

A buffer overflow vulnerability in IMail allows remote authenticated attackers to execute arbitrary commands by sending a specially crafted FETCH command to the IMAP service.

Resolution

Upgrade to IMail 2006.03 or higher.

References

http://secunia.com/advisories/19168/

Limitations

Exploit works on IMail Server 2006(02a). At least one message must exist in the user's inbox in order for the exploit to succeed.

Platforms

Windows 2000
Windows XP

Back to exploit index