IMail IMAP LOGIN special character vulnerability
Added: 01/04/2006CVE: CVE-2005-1255
BID: 13727
OSVDB: 16804
Background
IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring.Problem
A remote attacker could execute arbitrary commands by sending a long specially crafted LOGIN command starting with a special character. The attacker would not need to have knowledge of a valid account name and password in order to exploit this vulnerability.Resolution
Install the IMail Server 8.02 Patch.References
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=243&type=vulnerabilitiesLimitations
Exploit works against Ipswitch Collaboration Suite 2.0.Platforms
Windows 2000Windows XP
Back to exploit index