Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Ipswitch IMail Format String and 'LIST' Command DoS

High

Synopsis

The remote host is vulnerable to a format string flaw.

Description

The remote host is running a version of the Ipswitch Collaboration Suite / Ipswitch IMail IMAP server that is prone to a format string flaw. An attacker exploiting this flaw would send a malformed string to the remote mail server. Successful exploitation would result in the attacker executing arbitrary code. The affected SMTP arguments are: EXPN, MAIL, MAIL FROM, and RCPT TO. In addition, the remote host is vulnerable to a flaw when processing very long 'LIST' commands. Successful exploitation results in the remote service crashing.

Solution

Upgrade to version 8.22.0 of IMail or version 2.0.0.2 of the Ipswitch Collaboration Suite.