header-logo
Suggest Exploit
vendor:
IMail Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: IMail Server
Affected Version From: IMail 4.06
Affected Version To: IMail 4.06
Patch Exists: YES
Related CWE: N/A
CPE: //a:ipswitch:imail_server:4.06
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1999

Buffer Overflow in IMAPd Login Process

The imapd login process is susceptible to a buffer overflow attack which will crash the service. An attacker can send a LOGIN command with two glob arguments, where the first argument is 1200 characters and the second argument is 1300 characters, to the target machine on port 143.

Mitigation:

Upgrade to the latest version of IMail 4.06 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/502/info

The imapd login process is susceptible to a buffer overflow attack which will crash the service. 


Telnet to target machine, port 143
* OK IMAP4 Server (IMail 4.06)
X LOGIN glob1 glob2

Where glob1 is 1200 characters and glob2 is 1300 characters.

Navigation

Suggest Exploit

Services By CQR