spy1
May 21st, 2002, 04:27 PM
Help Net Security have announced (at
http://www.net-security.org/vuln.php?id=1695) that the popular Imail mail
server is affected by a security problem that could allow remote access to
the server with system account privileges.
The vulnerability affects Imail versions 7.1 and earlier and stems from a
buffer overflow in the Ipswitch Imail LDAP component. The problem arises on
authentication in the server, as an attacker could provide an overly long
string to the "bind DN" parameter causing a buffer overflow and interrupting
the Imail service. If the attacker had carefully crafted the parameter, they
could also run code on the server.
To fix this vulnerability, Ipswitch have made a patch available at the
following address:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM710HF1.exe
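
An added example, not part of the original post and not Ipswitch's code: a length-checked extraction of the bind DN from an LDAP BindRequest, showing the bounds checks a server needs before copying that field into a fixed buffer. The function names and the `DN_MAX` limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DN_MAX 255  /* assumed policy limit for this example, not a value from the advisory */

/* Read one BER tag+length at *p; on success advance *p to the value and set *len. */
static int ber_head(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t l = q[1];
    q += 2;
    if (l & 0x80) {                       /* long form: low bits = count of length octets */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--; q++) l = (l << 8) | *q;
    }
    if (l > (size_t)(end - q)) return -1; /* declared length must fit in the received bytes */
    *p = q;
    *len = l;
    return 0;
}

/* Copy the bind DN out of an LDAP BindRequest.
 * Returns 0 on success, -1 if the message is malformed, -2 if the DN is too long. */
int extract_bind_dn(const uint8_t *msg, size_t n, char *out, size_t outsz)
{
    const uint8_t *p = msg, *end = msg + n;
    size_t len;
    if (ber_head(&p, end, 0x30, &len)) return -1;  /* LDAPMessage SEQUENCE */
    end = p + len;
    if (ber_head(&p, end, 0x02, &len)) return -1;  /* messageID INTEGER */
    p += len;
    if (ber_head(&p, end, 0x60, &len)) return -1;  /* BindRequest [APPLICATION 0] */
    end = p + len;
    if (ber_head(&p, end, 0x02, &len)) return -1;  /* version INTEGER */
    p += len;
    if (ber_head(&p, end, 0x04, &len)) return -1;  /* name OCTET STRING: the bind DN */
    if (len > DN_MAX || len >= outsz) return -2;   /* reject before any copy happens */
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}
```

The length is compared against both the policy limit and the destination size before `memcpy`, so a DN that is too long is refused with an error instead of being copied.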