Ipswitch IMail Server SMTP Service Crafted RCPT String Remote Overflow

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is affected by a buffer overflow vulnerability.

Description :

The remote host is running Ipswitch Collaboration Suite / IMail Secure
Server / IMail Server, commercial messaging and collaboration suites
for Windows.

According to its banner, the version of Ipswitch Collaboration Suite /
IMail Secure Server / IMail Server installed on the remote host has a
stack-based buffer overflow in its SMTP server component that can be
triggered by long strings within the characters '@' and ':'. An
unauthenticated attacker may be able to leverage this flaw to crash
the SMTP service or even to execute arbitrary code remotely.

See also :


Solution :

Upgrade to version 2006.1 of the appropriate application.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 22314 (ipswitch_imail_2006.1.nasl)

Bugtraq ID: 19885

CVE ID: CVE-2006-4379