IA eMailServer IMAP SEARCH Command Remote Overflow

Medium Nessus Plugin ID 20960


The remote IMAP server is susceptible to buffer overflow attacks.


The remote host is running IA eMailServer, a commercial messaging system for Windows.

The IMAP server bundled with the version of IA eMailServer installed on the remote host crashes when it receives a SEARCH command argument of 560 or more characters. An authenticated attacker could exploit this issue to crash the service and possibly to execute arbitrary code remotely.

Note that IA eMailServer can be configured to run as a service with LOCAL SYSTEM privileges, although this is not the default.


Unknown at this time.

See Also


Plugin Details

Severity: Medium

ID: 20960

File Name: ia_emailserver_search_overflow.nasl

Version: $Revision: 1.14 $

Type: remote

Agent: windows

Family: Windows

Published: 2006/02/22

Modified: 2011/03/11

Dependencies: 10125, 17975

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

Vulnerability Information

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap, imap/overflow

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2006/02/20

Reference Information

CVE: CVE-2006-0853

BID: 16744

OSVDB: 23377