IMail SMTP RCPT TO buffer overflow

Added: 09/29/2006
CVE: CVE-2006-4379
BID: 19885
OSVDB: 28576

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a RCPT TO argument containing a long string between @ and : characters.

Resolution

Upgrade to IMail 2006.1 or higher.

References

http://www.securityfocus.com/archive/1/445521

Limitations

Exploit works with IMail Server 8.10. Exploitation requires that the server have a fixed IP address. Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index