IMail IMAP STATUS buffer overflow

Added: 11/29/2005
CVE: CVE-2005-1256
BID: 13727
OSVDB: 16806

Background

IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service.

Problem

A buffer overflow when processing long mailbox names specified in the STATUS command allows an authenticated user to execute arbitrary code.

Resolution

Upgrade to IMail 8.15 with Hotfix 2 or higher, IMail 8.2 with Hotfix 2 or higher, or Ipswitch Collaboration Suite 2.0 with Hotfix 2 or higher.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities

Limitations

Exploit works on IpSwitch IMail Server 8.14 on Windows 2000 SP4 and Windows Server 2003 SP2 with KB956572. A valid IMAP login and password are required.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index