Ipswitch IMail IMAP SUBSCRIBE command buffer overflow
Added: 08/02/2007
CVE: CVE-2007-3927
BID: 24962
OSVDB: 36222
Background
IMail is an e-mail server for Windows platforms.
Problem
A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command.
Resolution
Upgrade to Ipswitch IMail Server version 2006.21.
References
http://www.zerodayinitiative.com/advisories/ZDI-07-043.html
Limitations
Exploit works on Ipswitch IMail 2006.2 and requires a valid IMAP login and password.
Platforms
Windows 2000
Windows Server 2003