SurgeMail IMAP Server SEARCH Command Remote Buffer Overflow
Medium Nessus Plugin ID 25929
Synopsis: The remote mail server is affected by a buffer overflow vulnerability.
Description: According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.8k2 / 3.8m. Such versions are reportedly affected by a buffer overflow flaw in the IMAP service that can be triggered using a specially crafted 'SEARCH' command. An authenticated attacker can leverage this issue to crash the remote application and possibly execute arbitrary code remotely, subject to the privileges under which the application runs.
Solution: Upgrade to SurgeMail 3.8k2 / 3.8m or later.