Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability

Bugtraq ID:	12780
Class:	Boundary Condition Error
CVE:	CVE-2005-0707
Remote:	Yes
Local:	No
Published:	Mar 10 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery of this vulnerability is credited to Nico Steinhardt.
Vulnerable:	Ipswitch Ipswitch Collaboration Suite Ipswitch IMail 8.14 Ipswitch IMail 8.13 Ipswitch IMail 8.1 Ipswitch IMail 8.0.5 Ipswitch IMail 8.0.3 Ipswitch IMail 7.12 Ipswitch IMail 7.1 Ipswitch IMail 7.0.7 Ipswitch IMail 7.0.6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Ipswitch IMail 7.0.5 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Ipswitch IMail 7.0.4 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 7.0.3 Ipswitch IMail 7.0.2 Ipswitch IMail 7.0.1 Ipswitch IMail 6.4 Ipswitch IMail 6.3 Ipswitch IMail 6.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 6.1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.6 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.5 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.4 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.3 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 6.0.1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 6.0 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 5.0.8 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Ipswitch IMail 5.0.7 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 + Microsoft Windows NT 4.0 Ipswitch IMail 5.0.6 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 + Microsoft Windows NT 4.0 Ipswitch IMail 5.0.5 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 + Microsoft Windows NT 4.0 Ipswitch IMail 5.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0
Not Vulnerable:	Ipswitch IMail 8.15 Hotfix 1

Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability

The Ipswitch Collaboration Suite IMail IMAP service is reported prone to a buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command.

It is conjectured that a remote authenticated attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service. Immediate consequences of a failed exploit attempt would be a denial of service due to the application crashing on an access violation.

IMail Server version 8.13 an earlier are reported prone to this vulnerability.

Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability

Solution:
The vendor has released a hotfix to address this vulnerability:


Ipswitch IMail 5.0

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 5.0.5

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 5.0.6

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 5.0.7

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 5.0.8

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.1

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.2

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.3

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.4

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.5

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.0.6

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.1

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.2

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.3

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 6.4

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.1

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.2

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.3

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.4

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.5

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.6

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.0.7

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.1

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 7.12

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 8.0.3

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 8.0.5

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 8.1

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 8.13

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch IMail 8.14

• Ipswitch IM815HF1.exe
  ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe

Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability

References:

• iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE B ("iDEFENSE Labs" )