Buffer Overflow in Ipswitch Imail

Discussion in 'other security issues & news' started by spy1, May 21, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Help Net Security have announced (at
    http://www.net-security.org/vuln.php?id=1695) that the popular Imail mail
    server is affected by a security problem that could allow remote access to
    the server with system account privileges.

    The vulnerability affects Imail versions 7.1 and earlier and stems from a
    buffer overflow in the Ipswitch Imail LDAP component. The problem arises on
    authentication in the server, as an attacker could provide an overly long
    string to the "bind DN" parameter causing a buffer overflow and interrupting
    the Imail service. If the attacker had carefully crafted the parameter, they
    could also run code on the server.

    To fix this vulnerability, Ipswitch have made a patch available at the
    following address:
    ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM710HF1.exe
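
Added example, not part of the original post and not Ipswitch's code: a defensive sketch in C of reading the "bind DN" from an LDAP BindRequest so that an overly long value is rejected instead of overflowing a fixed buffer. The names `ber_header`, `extract_bind_dn`, `MAX_DN` and `SAMPLE_BIND` are hypothetical, the 255-byte limit is an assumed policy value, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DN 255  /* assumed policy limit, not a value from the advisory */

/* Constructed sample: LDAP simple bind, DN "cn=admin", password "pw". */
static const uint8_t SAMPLE_BIND[] = {
    0x30,0x16, 0x02,0x01,0x01, 0x60,0x11, 0x02,0x01,0x03,
    0x04,0x08,'c','n','=','a','d','m','i','n', 0x80,0x02,'p','w' };

/* Read one BER tag+length at *pos; on success *pos points at the value. */
static int ber_header(const uint8_t *b, size_t n, size_t *pos,
                      uint8_t want_tag, size_t *len)
{
    size_t p = *pos;
    if (p >= n || n - p < 2 || b[p] != want_tag) return -1;
    size_t l = b[p + 1];
    p += 2;
    if (l & 0x80) {                    /* long form: k length bytes follow */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || n - p < k) return -1;
        for (l = 0; k > 0; k--) l = (l << 8) | b[p++];
    }
    if (l > n - p) return -1;          /* claimed length must fit the input */
    *pos = p;
    *len = l;
    return 0;
}

/* Returns 0 with a NUL-terminated DN in out, -1 if malformed, -2 if too long. */
int extract_bind_dn(const uint8_t *msg, size_t n, char *out, size_t cap)
{
    size_t pos = 0, len;
    if (ber_header(msg, n, &pos, 0x30, &len)) return -1;  /* LDAPMessage */
    n = pos + len;
    if (ber_header(msg, n, &pos, 0x02, &len)) return -1;  /* messageID   */
    pos += len;
    if (ber_header(msg, n, &pos, 0x60, &len)) return -1;  /* BindRequest */
    n = pos + len;
    if (ber_header(msg, n, &pos, 0x02, &len)) return -1;  /* version     */
    pos += len;
    if (ber_header(msg, n, &pos, 0x04, &len)) return -1;  /* name (DN)   */
    if (len > MAX_DN || len >= cap) return -2;   /* reject before copying */
    if (memchr(msg + pos, 0, len)) return -1;    /* no embedded NUL bytes */
    memcpy(out, msg + pos, len);
    out[len] = '\0';
    return 0;
}
```

The length is checked against both the received bytes and the destination size before any copy, so a 1000-byte DN returns -2 and the bind can be refused and logged.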
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I hate Imail. I was once a postmaster for an internet company that used Imail. What a piece of junk. I am not surprised.

    Hmmm, pretty objective opinion for a mod, eh?
     