IMail IMAP STATUS buffer overflow
Added: 11/29/2005
CVE: CVE-2005-1256
BID: 13727
OSVDB: 16806

Background
IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service.

Problem
A buffer overflow when processing long mailbox names specified in the STATUS command allows an authenticated user to execute arbitrary code.

Resolution
Upgrade to IMail 8.15 with Hotfix 2 or higher, IMail 8.2 with Hotfix 2 or higher, or Ipswitch Collaboration Suite 2.0 with Hotfix 2 or higher.

References
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities

Limitations
Exploit works on Ipswitch IMail Server 8.14 on Windows 2000 SP4 and Windows Server 2003 SP2 with KB956572. A valid IMAP login and password are required.

Platforms
Windows 2000
Windows Server 2003
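
For servers that cannot be patched immediately, the condition described under Problem can be watched for in captured IMAP client traffic. The following is an added example, not part of the original advisory or of any Ipswitch tooling: it measures the mailbox argument of each STATUS command, whether sent as an atom, a quoted string or a literal. The 255-byte threshold, the function names and the sample lines are assumptions made for the example; the advisory does not state the length at which the overflow occurs.

```python
import re

# Assumption: the advisory gives no trigger length, so this is a policy value.
MAX_MAILBOX_LEN = 255

# "<tag> STATUS <rest>"; the command name is case-insensitive in IMAP.
_STATUS = re.compile(rb"^(\S+)\s+STATUS\s+(.*)$", re.IGNORECASE)
_LITERAL = re.compile(rb"^\{(\d+)\+?\}")

def mailbox_length(line: bytes):
    """Return the mailbox-name length of an IMAP STATUS command, else None."""
    m = _STATUS.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    arg = m.group(2)
    lit = _LITERAL.match(arg)
    if lit:                       # literal: {n} announces n octets to follow
        return int(lit.group(1))
    if arg.startswith(b'"'):      # quoted string, backslash escapes one octet
        n, i = 0, 1
        while i < len(arg) and arg[i:i + 1] != b'"':
            if arg[i:i + 1] == b"\\":
                i += 1
            n += 1
            i += 1
        return n
    # atom: ends at the first space or at the "(" opening the item list
    return len(re.split(rb"[ (]", arg, maxsplit=1)[0])

def flag_long_status(lines, limit=MAX_MAILBOX_LEN):
    """Return (tag, length) for every STATUS whose mailbox exceeds limit."""
    hits = []
    for line in lines:
        n = mailbox_length(line)
        if n is not None and n > limit:
            tag = line.split(None, 1)[0].decode("ascii", "replace")
            hits.append((tag, n))
    return hits

# Constructed sample of client-to-server lines (not taken from a real capture).
SAMPLE = [
    b"a1 STATUS INBOX (MESSAGES)\r\n",
    b'a2 status "Sent Items" (UNSEEN)\r\n',
    b"a3 STATUS {2048}\r\n",
    b"a4 STATUS " + b"x" * 600 + b" (MESSAGES)\r\n",
    b"a5 SELECT INBOX\r\n",
]

if __name__ == "__main__":
    for tag, length in flag_long_status(SAMPLE):
        print(f"tag={tag} STATUS mailbox length={length}")
```

Because the flaw requires an authenticated session, a hit is most useful when correlated with the account that issued the preceding LOGIN on the same connection.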