SurgeMail IMAP Server SEARCH Command Remote Buffer Overflow

Medium Nessus Plugin ID 25929


The remote mail server is affected by a buffer overflow vulnerability.


According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.8k2 / 3.8m. Such versions are reportedly affected by a buffer overflow flaw in its IMAP service that can be triggered using a specially crafted 'SEARCH' command. An authenticated attacker can leverage this issue to crash the remote application and possibly execute arbitrary code remotely, subject to the privileges under which the application runs.


Upgrade to SurgeMail 3.8k2 / 3.8m or later.

See Also

Plugin Details

Severity: Medium

ID: 25929

File Name: surgemail_imap_search_overflow.nasl

Version: $Revision: 1.12 $

Type: remote

Family: Misc.

Published: 2007/08/23

Modified: 2016/11/03

Dependencies: 11153

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/08/14

Reference Information

CVE: CVE-2007-4377

BID: 25318

OSVDB: 37917

EDB-ID: 4287