FTGate4 IMAP EXAMINE Command Remote Overflow
Critical Nessus Plugin ID 20221
Synopsis
The remote IMAP server is prone to a buffer overflow.
Description
The remote host appears to be running a version of FTGate, a commercial groupware mail server for Windows from FTGate Technology Ltd.
The version of FTGate installed on the remote host includes an IMAP server that is prone to a buffer overflow attack due to boundary errors in its handling of various IMAP commands. An authenticated attacker can exploit this issue to crash the application itself and possibly to execute arbitrary code subject to the privileges of the SYSTEM user.
Solution
Upgrade to FTGate 4.4.002 or later.